A campaign to help people understand why their data matters and how they can take back control is being launched in the UK today by the Information Commissioner’s Office (ICO). Its ‘Your Data Matters’ campaign aims to increase the public’s trust and confidence in how their data is used and made available.
The General Data Protection Regulation (GDPR), an evolution of the current Data Protection Act (1998), comes into effect today. Regulated by the ICO, the new law gives people more control about how their data is used, shared and stored and requires organisations to be more accountable and transparent about how they use it.
“Almost everything we do – keeping in touch with friends on social media, shopping online, exercising, driving, and even watching television – leaves a digital trail of personal data,” said Information Commissioner Elizabeth Denham.
“We know that sharing our data safely and efficiently can make our lives easier, but that digital trail is valuable. It’s important that it stays safe and is only used in ways that people would expect and can control.”
The GDPR gives people more and stronger rights when it comes to their personal data. Denham said that the Your Data Matters campaign will help people understand how they can exercise those rights. The ICO has collaborated with a range of public and private sector organisations to produce publicity materials that can be used by anyone wanting to spread the message to their customers or clients.
The ICO has also launched a new Twitter account for the public, @YourDataMatters, to complement its @ICOnews account, which has 63,500 followers. Organisations wanting to pledge their support for their customers or service user’s data rights can sign up to a public register. It will serve as a public demonstration of their support for people’s data rights and carries the ICO logo.
The GDPR replaces the European Union’s patchwork of rules dating back to 1995 and heralds an era where breaking privacy laws can fetch fines of up to 4% percent of global revenue or 20 million euros (£17.5m), whichever is higher.
Many privacy advocates around the world have hailed the new law as a model for personal data protection in the internet era and called on other countries to follow the European model. Critics, though, say the new rules are overly burdensome, especially for small businesses, while advertisers and publishers worry it will make it harder for them to find customers.
The GDPR clarifies and strengthens existing individual privacy rights, such as the right to have one’s data erased and the right to ask a company for a copy of one’s data. But it also includes entirely new mandates, such as the right to transfer one’s data from one service provider to another and the right to restrict companies from using personal data.
“If you compare the GDPR with the data protection directive you can really compare it with a piece of software upgrading from 1.0 to 2.0,” said Patrick Van Eecke, a partner at DLA Piper. “It’s a gradual and not a revolutionary kind of thing.
“However for many companies it was a huge wakeup call because they never did their homework. They never took the data protection directive seriously.”
Activists are already planning to leverage the right to access one’s data to turn the tables on large internet platforms whose business model relies on processing people’s personal information. That means companies are having to put in place processes for dealing with such requests and educating their workforce because any non-compliance could lead to stiff sanctions.
Studies suggest that many companies are not ready for the new rules. The International Association of Privacy Professionals found that only 40% of companies affected by the GDPR expected to be fully compliant by today.