On 25th May this year the General Data Protection Regulation (GDPR) will come into force in the UK. This marks a seismic shift in the landscape of individual data protection and has been designed to give consumers more control over their information. It will mean that individuals have a lot more rights when it comes to how their information is collected and used – and it also requires any business that is using individual data to ensure that its processes are compliant. But what does this actually mean for customers who disclose personal data – and for the businesses that want to work with it?
What does GDPR mean for business?
Rather worryingly, the Federation of Small Businesses conducted a survey of its members and identified that only around 8% of them feel ready for the changes. In addition, only a third had begun to put measures in place to ensure GDPR compliance. Many said that they simply didn’t understand what was required of them and that the scope of the GDPR is so broad that it could cost up to £10,000 to make the required changes. However, the new rules introduced by the GDPR don’t just set a new standard of data protection; they also usher in a new era of enforcement. Any business, no matter how small, that isn’t GDPR compliant could face fines of up to €20 million or 4% of turnover. So, what are the key areas of the GDPR that businesses need to note?
The need for better consent. The GDPR requires that businesses have user consent in order to store details and data about them. This consent must be clear, well informed and unambiguous, as well as given by affirmative action. That means that it’s no longer acceptable to scrape data from websites or to pre-tick consent boxes.
Consumers can revoke consent at any time. Where a user revokes the consent they have given to a business to use and store their data, this needs to be actioned in a timely way, which could present a significant issue for businesses that just don’t have the systems in place to do this.
Buying marketing lists is no longer an option. Compliance with the GDPR presents big challenges for businesses looking to market to a new audience because cold calls and buying marketing lists will mostly be unacceptable. Instead, it will be necessary to establish that the consumer really wants to hear from the business and what it is that they want to hear about.
Data security now needs to be inbuilt. There are many new provisions that apply to the security of data that is in the hands of a business. Perhaps one of the most potentially problematic is the requirement to notify if there has been a security breach. Now, businesses have just 72 hours to do this. The very public nature of notification could create some real issues for small businesses reliant on customer trust to grow.
What does GDPR mean for consumers?
Particularly in the light of the recent Facebook and Cambridge Analytica scandal, there is a lot of focus right now on what happens to consumer data after we hand it over. But what is the GDPR really likely to change for consumers?
The right to be forgotten. Consumers who don’t want a particular business to continue to have information about them can ask for all of it to be deleted.
More privacy transparency. For example, businesses can no longer use complex and hidden privacy notices to bamboozle customers about what really happens to their data, as the GDPR requires that it’s all set out clearly and simply in black and white.
The right to access data. Consumers can request that a company reveal all the information that it holds on them. This used to be something that businesses charged for, but with the GDPR it’s an action that will have to be completed for free.
The right to object. Consumers will have a stronger right to object to their data being used for direct marketing – and this is something that the businesses using the data have to highlight to their customers.
The necessity of opting-in to communications. Because there are new and much stricter requirements for businesses to obtain proactive consent from consumers to communications, this should reduce the amount of unwanted communication received. Once the GDPR is in place businesses won’t be able to add customers to a mailing list just because they make a purchase, for example, unless there has been explicit and specific consent.
Alex Hartley is a keen advocate of improving personal finance skills. She's worked at Solution Loans since 2014 and written hundreds of articles about how people can manage their money better. Her interest in personal finance goes way back to...