Author: Natasha Golec, Social Media & Marketing + Marcelo Pedro, Web Designer/Developer
Needless to say, last year gave us quite a few surprises: Brexit, Trump… hum, moving on swiftly!
Although we cannot always predict what the future will bring us, we can certainly prepare ourselves for any announced change, especially when it comes with a good amount of warning.
In case you haven’t already gathered, some big adjustments are coming your way, and we thought we’d give you a heads up so you’re ahead of the game (just thank us later).
2018 is facing some new and pretty huge rules concerning EU & UK Data Protection. You may be thinking ‘that’s not until next year, I’ve got time’. But be careful, 2017 is going by real fast!
The General Data Protection Regulation (or GDPR for the lazy ones like us) is a name you will undoubtedly hear more and more. Put simply, any company or organisation dealing with personal data from EU citizens (we’ll come back to why this specificity is important a little later) will be liable for any data collected from an individual without their knowledge or consent, and users will be entitled to know what kind of data is being collected and for what purpose.
Of course, as for every bit of law written in the past few decades, it is about as exciting to read as it sounds, so to help ease the pain, we’ve narrowed it down to some of the most important points you need to know in order to understand what all of this actually means.
So grab a tea and get comfy, you’re in for a treat.
Do we really need this?
Whether or not you’re concerned about your online records and all of the data collected as a result, one thing is for sure: a lot of companies are making A WHOLE LOT OF MONEY by using you (quite literally), and you don’t even get paid for it! How rude…
Well, all of that is about to change (but unfortunately, you still won’t get paid).
The last regulations in the UK go back to 1998, and it may not seem that long ago, but 20 years in the tech world is a very VERY long time, even more so if you consider that at that time, the internet was still very much in its infancy.
Since then, we all became seriously addicted to the web, allowing companies to collect personal information to a point never seen before:
to put it more into perspective, hundreds of companies have more data about you than any amount of information ever gathered about a person spied upon during the Second World War. Yup, true fact!
And did they do that by telling you that it was just to improve your online experience? How kind of them.
When is it coming into force?
Grab your diaries, because the official date for the GDPR to come into action is May 25th, 2018, and although it may sound like companies still have a bit of time to get ready, the changes they may need to complete can be rather significant and lengthy, which is why it is so important that every company handling EU citizens’ personal data in some shape or form prepares itself.
Any company or organisation that doesn’t comply with these new regulations and rules, once made official, could be facing some heavy fines, and we mean heavy:
a company could be subject to a fine of up to 4% of its global revenues, or 20 million euros, whichever is greater.
So now that you know, off you go and make those changes! (… well, wait until after this wonderful article though)
What impact will it have on companies?
Unsurprisingly, the most controversial point is this very question, and although it is hard to anticipate the real impact, chances are that it’ll be pretty significant depending on the current structure of a company around its data collection.
Most companies holding personal information will now be liable for the collected data and its protection, an area almost always ignored. In order to do so, they will have to put certain things in place such as:
– likely appoint a Data Protection Officer, who can be either hired or contracted and who (the job title is pretty clear here) will be responsible for data protection in both technical and legal terms, including cyber attacks
– any required personal info will have to be clearly explained to, and agreed to by, the user/customer
– more power to users over their data, with new erasure rules to request the suppression of personal information as well as compensation claims over unlawful data processing
– the sharing of EU citizens’ information will be subject to new protection rules on a global scale
This is where we go back to the EU citizens reference that we mentioned at the beginning of this article, and don’t be misled by the EU mention: the aim is to apply and give back (some) control to EU (and UK) citizens over their personal data gathered online and/or by companies, no matter where in the world that company is located.
So yeah, the impact of the new EU GDPR will be of global scale.
And what about on a personal level?
As you may have already realised by now, it’s all pretty positive for us as individuals really.
Companies will now not only have to clearly explain and justify what it is that they collect about us, but also (and finally) be liable for that information and held responsible if any damage happens to it or as a consequence of it.
In this case, the main issue is that the internet has by far outgrown our current (and rather obsolete) regulations, allowing many businesses to take advantage of them (or more like the lack of them) for far too many years. Therefore, in principle, this could be a very positive change for all of us when these new regulations come into place.
So, does this mean that we EU and British citizens will finally get our online privacy back?
Not really, but it is nevertheless a step forward in the right direction.
And there you have it. The new GDPR regulations explained and well, hopefully, understood.
So off you go now (to other places within our website of course), but before you do just remember:
if you’re a business or organisation, it may be wise to prepare yourself as the clock is already ticking, and it isn’t something any company should take lightly or expect to be able to deal with in just a few weeks.
Communication will be key in order to do that, so if you require any help (be it for an internal comms campaign through info/gifographics to keep your employees/colleagues up-to-date, or even at a social media level to reassure your users/followers), worry no more friend: sit back, relax, and send Salamandra.uk a fax (… actually an email or call would be better, but those didn’t rhyme).
And with regards to you, our reader, be happy, smile, and share it online (the last one in moderation though)!