What is GDPR?
It’s the first change to EU data protection law since 2000 – a time when Twitter was what the birds did and Snake was just about the most interesting thing you could do with a phone.
Seems like ancient history, doesn’t it? We can therefore safely say that 2000’s data protection laws bear little resemblance to what’s needed in 2018.
What does it mean for my business?
The key change to the law is that businesses who collect user data will be forced to be far more explicit about what the user is signing up to, and how and why their data will be used (including the sale of data to third parties).
Should somebody withdraw their consent for a business to hold their data, the information must be permanently deleted from the business’ records.
The sort of changes business owners need to be making right off the bat are:
- Notify all users whose data you hold of changes to your data privacy policy
- Seek consent from users whose data you hold to continue doing so – contrary to popular belief, this is not a legal necessity as long as the terms with which users signed up with you are consistent with those required post-GDPR. If they aren’t, then destroy the data of any users who withdraw their consent.
- Amend any areas of your website or any other means you use to collect user information to ensure 100% clarity on the data you’ll be storing, how it will be used and how long you’ll be storing it for.
If you’re holding data on paper, laptops or hard drives for users who’ve withdrawn their consent, this will need to be destroyed. Our commercial shredding service can help here – we’ll visit your premises and shred everything onsite, issuing you the legal safeguard of a Certificate of Destruction upon completion.
What does it mean for me as an individual?
As everybody you’ve ever given your details to has likely emailed you asking for permission to continue holding them, at the very least it’s a great opportunity to clear up your email subscriptions!
You’ll also be able to demand a copy of any data a business holds on you. The business in question must provide this in full in an easily accessible and digestible format within 30 days.
If you no longer wish for a company to hold your data, you may withdraw your consent at any time. The data holder is required to destroy that information permanently. Legally, the business has to do this anyway once it is no longer necessary to hold the data for the purposes stated when you gave consent.
The newest and perhaps least-discussed benefit for data subjects that will come into place on May 25th is the right to data portability. This is similar to the aforementioned right of the individual to demand a copy of all data a business holds on them, in that the right to data portability also allows the individual to demand all of their data be transferred to another service provider. This change should, in theory, make it much easier and faster to switch energy provider, bank, social media platform – you name it!
Are you a member of the public who has acquired all the data a business holds on you and want to see it destroyed? No problem! Just use our domestic shredding service. We’ll visit your home and collect paper records and hardware containing your confidential data, rendering them completely irretrievable.
Whether you’re a business holding and using customer data on a daily basis or the subject of that data, everything changes on May 25th. Fines for non-compliant businesses of up to €20 million or 4% of a business’ global turnover (whichever is greater) show that this isn’t some meaningless tweak to current regulations. So ensure you’re on the right side of the new laws, or are taking full advantage of the new rights GDPR grants data subjects, by using our data destruction services today.
