The amount of data that is exchanged in today’s world is breathtaking. Everything we do in the connected world can be harnessed by brands, municipalities, and even governments to modify their services to be more tailored and personalised than ever before. ‘Big Data’, the trendy phrase for this phenomenon, couldn’t in reality be more of an understatement. However, the harvesting of such colossal amounts of data hasn’t come without raising ethical questions from the standpoint of consumers and citizens. Are we really being properly made aware of the type of personal data which is might be making available to businesses and governments – scrupulous or otherwise – through mundane tasks such as browsing the web? And, more importantly, do these organisations have our consent to do so?

These are exactly the kind of concerns that new regulations set to come into play on 25th May next year, the General Data Protection Regulation (GDPR), will address. The idea behind GDPR is to give citizens and consumers more control over their data with a uniform ruling set to be enforced across the EU – and yes, that still (for the moment, at least) includes Britain!

GDPR For Business

So, what will the GDPR rulings mean in practice for businesses? Essentially, every business handling personal data on customers, prospects, or employees based within the EU will need to review their processes – and need to be preparing for the change now. If the GDPR laws are ignored, a fine of up to 4% of their global annual turnover (up to €20m) could be incurred. But the GDPR are more than just a compliance issue. Ultimately, these laws are there to protect consumers, who care about their privacy. It makes sense for businesses and public bodies alike to demonstrate that they understand the cultural aspect of these laws – not just the potential financial costs. After all, this is potentially an opportunity to build more trust with their customers and citizens on a more equitable playing field. And that makes business sense.

It may be time for businesses – particularly those handling large amounts of data – to advertise for a new post: that of Data Protection Officer (DPO). After all, the management of colossal amounts of data in a compliant, sensitive way is no easy task. After GDPR, we can expect to see more news coverage of mismanagement of data – that’s bad press no business wants. Businesses will need to document what personal data they hold, where it came from and with whom they share it. As part of the new privacy legislation, businesses will also need to explain their lawful basis for processing the data, their data retention periods, and the rights of their customers to complain to the ICO (Information Commissioner’s Office) if they feel this has been misused. For more details on the exact steps to take, the ICO have provided this useful guide.

GDPR For Consumers

And for consumers? Many may not realise that there has been a change – but others will notice that the way businesses and organisations communicate with them has changed. Notices concerning privacy will be made more prominent and transparent. Their rights as consumers will be made public and communicated in plain English, and those will include new rights: to erasure of data, and the right to object to profiling activities. And they may notice that they are asked more often for consent for what was previously common business practice – for example, receiving occasional marketing emails.

If you’d like to find out more about how the upcoming GDPR regulations are likely to affect your business or municipal authority in the future, or simply want to understand more about the changes happening right now in a fast-moving technological industry, please get in touch.