- 24 May 2018 16:40
#14917630
IF I HAD UNDERSTOOD THE SITUATION A BIT BETTER I SHOULD HAVE PROBABLY JOINED THE ANARCHISTSGeorge Orwell
On 25 May 2018 a massive change in the way companies must handle data, and the rights that consumers have, comes into force.
https://www.which.co.uk/consumer-rights ... y0QAvD_BwE
This new regulation is called the General Data Protection Regulation (GDPR) and it will be applicable across the EU.
In the UK, those regulations will be incorporated into the Data Protection Act 2018 – the Bill is currently going through Parliament.
It builds on the current Data Protection Act 1998 (DPA) and will strengthen the legislation, giving you more rights and protections.
Here, we explain all the main changes that give you more control over your data, and how they are likely to affect you.
Collecting your personal data
When you buy goods and services, or sometimes even just visit a website, the organisations you deal with may collect information and data about you.
This might include your name, address, and date of birth. This type of data, which is capable of identifying a living individual, is called 'personal data'.
Organisations may even include things like the school you went to, the job you do, details about your partner or family or the sorts of things you view or buy online.
Like it or not, many organisations, including councils, hospitals, travel companies, banks and supermarkets hold data about you.
The GDPR update to the DPA adds in a new range of personal identifiers, reflecting changes in technology and the way companies gather data today.
Online identifiers, such as your IP address, will be included within the definition of personal data.
Your consent will need to be positive
Soon, you will be seeing a lot fewer of those pesky pre-ticked boxes signing you up to stuff that you may not want unless you take the time to untick them.
Under GDPR rules it will be down to you to make a positive choice to agree to further direct marketing communications, such as ticking a box or agreeing over the phone.
All companies will also have to provide you with the option to opt out in all future communications.
If you want companies to stop using your data, make a request to an organisation to stop processing your data for the purposes of direct marketing.
It must be clear what you’re signing up to
Companies have to tell you specifically what you’re signing up for or opting in to – vague or blanket consent is no longer good enough.
When you’re presented with the option of ticking a box for further communications, it should be written in plain language that’s easy to understand.
The purpose of collecting your personal data and who it will be shared with must also be made clear to you at the point you make the choice.
Importantly, your positive opt-in shouldn’t later be misused to contact you for anything you didn’t sign up to.
You can ask for data in a format that will help you
One brand new right introduced by GDPR is the right to data portability. This means you can ask for your data from a company in a machine-readable format that enables you to reuse it, for instance in helping you get a better energy deal.
In theory, this will allow you to move, copy or transfer personal data more easily from one IT environment to another in a safer and more secure way.
You can opt out of profiling
You now have the right to opt out of activity from online retailers and companies, including profiling used for direct marketing purposes.
Companies must inform you of your right to object at the point of first communication and in their privacy notice, and must stop processing your personal data as soon as they receive an objection.
For many purposes, you would want companies to continue handling personal information to perform the tasks you need them to.......
Subject access requests
You have always been able to make a subject access request, which allows you to act on your right to obtain access to your personal data held by a company. But now it will be free.
You might make a subject access request if you think that a company is not processing your data lawfully.
Companies have to provide you with the information without delay and at the latest within one month of receiving your request.
This is shorter than the previous 40-day timeframe. However, companies are allowed to extend the period by a further two months if the request is complex or numerous.
If this is the case, the company must inform you within a month from the date you made the request and explain why the extension is necessary.
A word of warning, if your request is unfounded or excessive, the controller of the data may still charge a fee or refuse to act on the request.
https://www.which.co.uk/consumer-rights ... y0QAvD_BwE
IF I HAD UNDERSTOOD THE SITUATION A BIT BETTER I SHOULD HAVE PROBABLY JOINED THE ANARCHISTSGeorge Orwell