Top 10 facts you need to know about GDPR

On May 25th 2018, a change is coming… The current data protection legislation is repealed and we will see the beginning of the General Data Protection Regulation. Some have likened the GDPR to the Y2K bug, or “millennium bug”, because of its immutable deadline, immense technology requirements and grave consequences.

If you haven’t already heard of the General Data Protection Regulation and its seemingly all-encompassing scope, let us summarise some of the key points:

  1. You have waited for this change for 20 years – the GDPR is the first change to data protection legislation in the UK since 1998.
  2. You have more control over your personal data – the GDPR has extended the definition of personal data to include online identifiers, location data etc.
  3. You are covered by the scope of the GDPR* regardless of an organisation’s size or location – the GDPR applies to processing of personal data of EU citizens.
  4. You have new rights – such as the right to be forgotten, the right to be informed and the right to restrict processing.
  5. You have more power over your information – you can request a copy of your personal data held by a company free of charge.
  6. You will probably see consent requests often – the GDPR requires firms to have a lawful basis for processing personal data, one being consent from the individual.
  7. You can actively and explicitly opt in to exactly what you want – the GDPR requires consent to be freely given, specific, informed and unambiguous.
  8. You will know why and how your data is being processed – the GDPR requires firms to publish their lawful basis for processing in the privacy policy.
  9. You can be assured that your privacy is paramount – the GDPR has hefty fines for firms who are not found to be compliant (€20,000,000 or 4% of annual turnover).
  10. You will be informed of any data breaches if necessary – the GDPR requires firms to inform affected individuals without undue delay if the breach is likely to result in a high risk of adversely affecting an individual’s rights and freedoms.

 *If you are an EU citizen.

As you can see, the GDPR is a much-needed step in the right direction towards control of our own data. The penalties for non-compliance are harsher, the regulator is becoming more aggressive and the deadline is looming, meaning that your privacy will be put at the forefront of any organisation's operations.

Questor Insurance are committed to protecting and respecting the privacy of all customers, but do not provide any advice. If you would like further information regarding this, please visit www.ico.org.uk.

Date Created: 09 May 2018 by Daniella Peers