I have heard that new data protection rules are coming in. What are these rules and how will they affect me?
Answer (April 2018)
A new General Data Protection Regulation (GDPR) comes into force across the EU on 25 May 2018.
The GDPR strengthens your rights and gives you much more control over your personal data. It also introduces stricter measures for businesses and other organisations that collect, control and process your personal data.
Under the GDPR, personal data is data that relates to you or can identify you, either by itself or together with other available information. Examples of personal data include your name, phone number, bank details and medical history.
Under the GDPR you are entitled to:
- Access the contact details of the organisation collecting your data
- See a copy of the data held about you
- Have it amended or erased if it is incorrect
- Move or transfer your data
- Object to the use of your data
- Information about how your data is being protected
The GDPR also imposes more obligations on organisations that control and process your data. These organisations must design data collection systems that meet specified requirements, collect only the data that is absolutely necessary for their purposes, keep records of the processing activities under their responsibility, keep data secure and report any data breaches.