The General Data Protection Regulation (GDPR) is an evolution of the current Data Protection Act (1998) and comes into effect today (25 May 2018) alongside the newly enacted and GDPR-aligned Data Protection Act (2018).
The new act also implements the European Union (EU) Law Enforcement Directive, as well as extending domestic data protection laws to areas which are not covered by the GDPR.
Regulated by the Information Commissioner’s Office (ICO), the law gives people more control about how their data is used, shared and stored, and requires organisations to be more accountable and transparent about how they use it.
For the past two years, the ICO has been helping organisations prepare for the new law by producing guidance and online resources, speaking at events and setting up a dedicated helpline for small businesses.
On GDPR compliance deadline day, the ICO is launching a long-term campaign to help people understand why their data matters and how they can take back control.
The Your Data Matters campaign aims to increase the public’s trust and confidence in how their data is used and made available.
Information commissioner Elizabeth Denham said: “Almost everything we do – keeping in touch with friends on social media, shopping online, exercising, driving, and even watching television – leaves a digital trail of personal data.
“We know that sharing our data safely and efficiently can make our lives easier, but that digital trail is valuable. It’s important that it stays safe and is only used in ways that people would expect and can control.”
The GDPR gives people more and stronger rights when it comes to their personal data, and the new campaign is aimed at helping people understand how they can exercise those rights, the ICO said.
For the campaign, the ICO has collaborated with a range of public and private sector organisations to produce publicity materials that can be used by anyone wanting to spread the message to their customers or clients.
The ICO has also launched a new Twitter account for the public, @YourDataMatters, to complement its @ICONews account, which has 63,500 followers.
Organisations wanting to pledge their support for their customers or service user’s data rights can sign up to a public register. This will be a public demonstration of their support for people’s data rights and carries the ICO logo.
Denham said personal data “matters to individuals, and it really should matter to the organisations that they choose to share it with”.
“From 25 May 2018, individuals have more control and more rights over your personal data. Organisations have more and stronger obligations to look after it better too,” she said.
Business opportunities are ‘enormous’, says Denham
How well a business or charity or service provider looks after personal information should be something everyone thinks about when choosing to take their business from one organisation to another, said Denham.
“As the UK’s data protection regulator, I’m here to make sure organisations do look after your data properly, and from today my office has much stronger powers to help us do this,” she said.
The positive side for businesses, said Denham, is that for those who do build customer trust in how they collect and use personal data under the new arrangements, the opportunities to improve your business and the services you offer, are “enormous”.
Denham said she hoped businesses are “excited” and “ready to go”, but to those who are not yet prepared she had a message of encouragement.
“Don’t panic. Today is not the end of anything, it is the beginning. The important thing is to take concrete steps to implement your new responsibilities – to better protect customer data. My office is looking forward to continuing to work with you to help.
“We have a whole suite of resources on our website. Our guide to the GDPR has been accessed over 2.5 million times, as well as toolkits and handy checklists – all to help you navigate through the new law.
“I hope you’ll all welcome today and embrace the opportunities and challenges that the GDPR brings – to reset your relationship with customers and make sure you are respecting their privacy and securing their data. This is the best way to make sure you are taking people with you on your business journey,” she said.
Ironically, the ICO’s website was unavailable for more than two hours on the eve of the GDPR deadline, according to The Telegraph, apparently unable to cope with the demand for information and services as many organisations left it to the very last minute to get up to date on the new data protection regulations.