GDPR. Why we keep getting emails about updated Privacy Terms.

Magnifying Glass on Keyboard

You may not have heard of ‘GDPR’ (the General Data Protection Regulation). It came into law nearly 2 years ago in May 2016, with a two-year transition period until it becomes mandatory. As is the way, almost everyone has ignored it until now, when there are only a few weeks left. On 25th May 2018 the new rules apply to pretty much every single business. Now the rush to comply is on …

Your ‘personal data’ just got bigger.

GDPR widens the definition of ‘personal data’ to include things like IP addresses (the internet address of your device) and cookies. (For more information on my cookies, see my Cookie Policy.)

People who collect your Personal Data need to tell you more (and could be in line for BIG fines if they fail to comply)

If you collect personal data (such as an email address or phone number) you need to be very clear about why you do so and how long you hold it for. You cannot hold it longer than necessary. I need to keep customer data for just over 6 years – because HMRC requires me to. After that time I must delete it.

If you collect personal information over a website (e.g. via an online account, or even a contact form) the regulations are even stricter than if you don’t, and you will need to register with the Information Commissioner’s Office (ICO). That’s one of the reasons I don’t have a contact form on my site! There are exemptions for social clubs and charities.

Consent needs to be explicit

Companies can no longer ‘pre-tick’ boxes to send you marketing emails or newsletters. Instead you have to explicitly opt in to every single different type of communication. If you create an account, then system messages will be exempt (for instance an email with a link to verify your account).

Cookies are invasive and pervasive

Ever wondered why, when you’ve just searched online for a new pair of shoes, you suddenly start seeing adverts for that exact product everywhere on the internet? Advertising cookies are responsible. They track you. They track you over multiple websites, they know what you search for and what websites you visit. So when you hit a website with advertising, you get shown adverts for products which they pretty much know you are interested in. 

My website does not have adverts, but my website provider (Weebly) does have advertising cookies. You can learn how to switch them off in my Cookies Policy.

GDPR requires websites to tell you what cookies are being used, and allow you to opt out of them. Opting out of some categories of cookies may mean you will no longer be able to use that website. But advertising cookies are definitely safe to say no to!

You have more rights than ever before!

You can ask companies to tell you what data they hold about you, and you can ask them to ‘forget’ you (delete that data). If you don’t think a company is handling your data properly, then you can complain to the ICO.

See my Privacy policy for an example!

Fines just got serious

A breach could result in a fine of up to 20 million Euros, or 4% of global turnover. So the implications for large corporates are huge.

So as companies rush to meet the deadline, expect many more emails asking you to confirm contact preferences, and expect to see updates to cookie policies too!