Every day we hear news about another big company being hacked with our data potentially being auctioned off in some corner of the dark web. In some cases this news breaks long after it originally happened, with the company involved at best unaware and, at worst, seeking to hide the breach. Many of us will have also received marketing messages that are just a little too personal, containing details that make you question how this business knows so much about you. The situation is made even worse when you receive these messages from organisations you haven't knowingly interacted with. The list goes on and on and can leave everyone feeling powerless, with the view that their personal data is now public property to be misused and exploited by any company. Thankfully, help is at hand with the snappily named General Data Protection Regulation (GDPR).
GDPR is the culmination of nearly a decade of negotiation within the EU. It comes into effect in May 2018 and covers any company using EU citizens' data. Every organisation needs to comply with it or risk substantial fines. It is also not affected by Brexit as the UK will introduce a new bill, the Data Protection Bill, which will ensure we retain parity with the EU. So why should you care about GDPR?
Put simply, its purpose is to update data protection laws for the digital age. It will better protect your data, give you much more control over how your data is managed and stored, ensure companies are transparent about how they use your data, and revolutionise your relationship with marketing. If this is the first time you have heard about GDPR you are not alone. Many businesses are now waking up to the vast impact of the regulations and are racing to ensure they are compliant.
In practice, the first change you are likely to experience is a series of email campaigns from every organisation that holds your data requesting to continue sending you marketing messages. Crucially, these companies will need your explicit consent. If you refuse to give consent the company can no longer send you a marketing message - if they do they are in breach of GDPR. It's worth noting that many companies will create 'compliance hubs' which will enable you to control the specific types of message you receive.
After the May deadline you should notice a huge drop-off in the amount of spam and unsolicited emails hitting your inbox.
This is just the start. The more radical changes involve data control. You will now be able to request all the data a company holds on you and demand that it is destroyed or changed. Businesses will also need to gain your consent for analysing your data and you will be able to modify any consent you have previously given.
In relation to hacks, companies will need to notify you within 72 hours if there is a breach - no more burying bad news. Security provisions are also going to be much tighter with organisations required to adhere to better data protection standards and procedures.
There are many more provisions within GDPR that tweak our relationship with data. The cumulative effect is to empower people to take back control and to improve confidence and trust in the businesses that data is shared with. Ultimately, this may have far more dramatic consequences. For example, by enabling people to easily revoke consent and take their data away from an organisation, a new market could evolve which will allow people to share their data with different organisations if they wish. An entire ecosystem of platforms could develop to allow people to manage and possibly monetise their personal information. This may not be an option that many people will want to exercise, but the important message is that in a post-GDPR world we will all have more freedom to control and use our own data.
Organisations will also have to play by much tougher rules, which eventually may reduce data breaches.
We have all got used to a world of 'free' services such as Facebook and Google. The price we have actually paid has been to freely give away our most personal information. For a while it may have seemed worth it, but as technology has advanced so quickly, enhancing the collection and analysis of data to reveal more and more intimate details, we've lost control over the information we share. Many organisations have also been careless with how they safeguard our data. It is right that this balance is redressed by GDPR.
Julian Saunders is CEO and founder of data management and GDPR compliance solution PORT.im