Do You Know Your GDPR Rights?

You may remember this time last year when you weren’t able to click on any website or email without hearing about GDPR changes. Every site would display you with something along the lines of “We’re making some changes to our Privacy Policy.”

But surprisingly, despite these changes coming out last May, research conducted in 2018 by the Chartered Institute of Marketing (CIM) founds that 48% of consumers didn’t understand how companies used their data by companies. So, what exactly is GDPR, and how does it affect you?

 

What is GDPR?

GDPR stands for General Data Protection Rule and is a piece of legislation that automatically applies to all 28 European Union member states. The law came into effect on May 25th, 2018, to strengthen the rights that citizens have over their personal data when it is help and processed by companies.

This law was implemented due to the misuse of people’s private data that came before and was punishable by only a ‘slap on the wrist’ and a warning. Now, these laws are in place to protect people’s rights and are punishable with much more severe consequences for any company found to be in breach.

 

What Are Your Rights?

There are seven main rights that GDPR entitles you to. These rights are universal across all the member states and apply to any and every citizen who visits a website.

1.The Right to Be Informed

Organisations must now tell you what they are collecting and storing your date before they do it, as well as telling you how long they will store it for and who it will be shared with. You will be asked to give your consent before they can send you ant marketing communications. You can withdraw this consent at any time.

2.The Right of Access

You are entitled to have access to your date for free and within a month of making your request.

3.The Right to Data Portability

You can request a copy of your data in a commonly used format for your use as an when you see fit.

4.The Right to Rectification

You can send up-to-date information to rectify any wrong or incomplete data, and the company must respond within a month and forward these updates to everyone with whom they have shared your data.

5.The Right to Erasure

You can request that an organisation deletes all your data. Companies can only refuse if they have a ‘compelling reason’ to hold onto your data.

6.The Right to Restrict Processing

You can tell an organisation to stop using your data without forcing them to delete it from their databases.

7.The Right Object To ‘Automated Decisions’

An ‘automated decision’ is when your data is used to help decide if you’re eligible for products. This rule gives you the right for human intervention if you think you're unfairly treated based on these automated decisions.

 

Penalties for Data Breaches

For any company who is found to be in breach of GDPR, there are monetary penalties to be incurred in one of two classifications:

• For less severe breaches the maximum fine is €10 million or two per cent of a company's annual revenue, whichever is greater.
• For more severe breaches, the maximum fine is €20 million or four per cent of a company's annual revenue, whichever is greater.

For example, it has been announced that British Airways are facing a fine of £183 million after it the personal data of 500,000 customers was stolen from their website and mobile app.

Fines are only one aspect contributing to the financial loss you will suffer because of a GDPR breach. You will have compensation claims for damages suffered, reputational damage and loss of consumer trust to consider.