What is GDPR?

You may have read about it all over your social media in the past two weeks or you potentially have seen the countless number of e-mails landing in your inbox from worried businesses.

Even with all this attention you may well be sitting thinking what on earth is GDPR?! Well, we’ve tried to break it down, nice and easy for you so a.) You know how it affects you and b.) You have a great understanding of how it works.

Lets start with “What is GDPR?”

On 25 May 2018, the General Data Protection Regulation (GDPR) was enforced across Europe, including the UK. Its ambition is to give citizens more control over their data and to create a uniformity of rules to enforce across the continent.

That seems like a good thing, so why are businesses so concerned?

Businesses are worried that they will lose their ability to communicate with their client base on a daily basis and fear it will hinder them going forward.

So how exactly does GDPR affect the individual?

Under the GDPR, individuals will have:

The right to access –this means that individuals have the right to request access to their personal data and to ask how the company uses their data after it has been gathered. The company must provide a copy of the personal data, free of charge and in electronic format if requested.

The right to be forgotten – if consumers are no longer customers, or if they withdraw their consent from a company to use their personal data, then they have the right to have their data deleted.

The rights to data portability – Individuals have a right to transfer their data from one service provider to another. And it must happen in a commonly used and machine-readable format.

The right to be informed – this covers any gathering of data by companies, and individuals must be informed before data is gathered. Consumers have to opt in for their data to be gathered, and consent must be freely given rather than implied.

The right to have information corrected – this ensures that individuals can have their data updated if it is out of date or incomplete or incorrect.

The right to restrict processing – Individuals can request that their data is not used for processing. Their record can remain in place, but not be used.

The right to object – this includes the right of individuals to stop the processing of their data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to individuals at the very start of any communication.

The right to be notified – If there has been a data breach which compromises an individual’s personal data, the individual has a right to be informed within 72 hours of first having become aware of the breach.

Now we hope this has solved the big mystery behind what is GDPR? And that you have a working knowledge of how you’re protected and how your business or marketing may now be affected.