New legislation known as GDPR (General Data Protection Regulation) is being enforced on the 25th May 2018. This will replace the existing Data Protection Act. As technology develops and data sharing becomes more common, data protection is becoming more and more important.
Many of us don't always know how our data is being used and protected by the companies we’re giving it to. This new legislation aims to make it easier to access and control your data.
Essentially, GDPR will affect everyone in all 28 EU member states, from businesses big and small, to customers and consumers.
When it comes to implementing GDPR, the biggest changes will be seen by businesses rather than consumers – since they’re the ones who will have to adjust the way they handle data to align with the new legislation. However, please read on to understand what these new rules mean for you.
What is GDPR and why do we need it?
As technology develops and our private data is being used and shared in countless new ways, people are understandably becoming increasingly worried about security.
There are two key reasons why GDPR is being introduced – to bring all EU member states under one common regulation, and to update regulations to reflect our new digital age.
Different countries in the EU follow different rules and regulations when it comes to data sharing and privacy, which can get quite confusing when data is being shared between people and companies in different countries. GDPR will be enforced across all 28 EU member states, meaning everyone is following the same rules!
In the UK, companies are still following the 1998 Data Protection Act to ensure the safety of people’s data. But technology and data sharing have developed a lot since 1998. This means that the current regulation may not be entirely suitable for the needs of consumers and the types of technology we’re seeing today. GDPR will replace the Data Protection Act to better protect our data from breaches and hacks.
This is great news, considering huge companies like XBOX, Gmail, Uber and Three all experienced major data breaches last year. In fact, the UK government reports that 46% of all UK businesses have identified at least one data breach or cyber attack in the last 12 months, and that bigger companies (those making a profit of over £2 million a year) are the most likely to identify a breach.
What data does GDPR protect?
GDPR aims to protect any personal data a company holds about you – including your name, address, email address, images, social networking accounts, IP address or medical history.
It will also cover more sensitive data such as your sexual orientation, your genetics, your political views or any trade union memberships.
Consumers don’t have to do anything in particular to prepare for the new legislation, but you do gain a number of ‘rights’ when it comes to your data, including:
The right to be informed – you have a right to know how your data will be used by a company.
The right to access your personal data – you can ask any company to share with you the data they have about you!
The right to rectification – this just means you can update your data if it’s inaccurate or if something is missing.
The right to erasure – this means that you have the right to request that a company deletes any personal data they have about you. There are some exceptions, for example, some information can be held by employers and ex-employers for legal reasons.
The right to restrict processing – if you think there’s something wrong with the data being held about you, or you aren’t sure a company is complying with the rules, you can restrict any further use of your data until the problem is resolved.
The right to data portability – this means that if you ask, companies will have to share your data with you in a way that can be read digitally – such as a PDF. This makes it easier to share information with other companies, such as your bank details when applying for a loan.
The right to object – you can object to the ways your data is being used. This should make it easier to avoid unwanted marketing communications and spam from third parties.
Rights in relation to automated decision making and profiling – this protects you in cases where decisions are being made about you based entirely on automated processes rather than human input.
Whether or not you exercise your new rights is up to you – the main thing to remember is that they’re there if you need them.
Gannon Sports and GDPR
We strongly believe that your personal details are your own and as such should remain personal. However, we do need some data to provide you with the best service possible. Below we outline what data we use and our policies regarding its protection.
What do we do with your data -
To fulfil orders, answer enquiries and provide our range of services it is often necessary to hold some data. We only ever use this data for contacting our customers; we never share data with 3rd parties.
What data do we hold -
Depending on the specific circumstance we may hold the following - Name, Address, Phone Numbers, Email address.
Your data and Gannon Sports -
If you would like more information regarding your data, please simply contact us at firstname.lastname@example.org. We will happily inform you of what data we hold and make any changes that may be required. You have the right to object to how we process your personal information. You also have the right to access, correct, sometimes delete and restrict the personal information we use. In addition, you have a right to complain to us and to the data protection regulator.