Do you know how your personal information is being collected, used, stored and shared by the organisations that you’re giving it to?
With ever-changing and improving technologies, data sharing has become something we do every day, and this means data protection is becoming more and more important. This is why new legislation, known as the General Data Protection Regulation (GDPR), was enforced on the 25th May.
But what exactly does this mean for you as a customer?
What is GDPR and why is it needed?
GDPR is designed to replace and modernise the current Data Protection Act. This new regulation builds on principles already in place and specifically aims to give individuals more control over their personal information and make organisations more accountable for how they collect, use, store and share personal information. Personal information is any information that can be used to identify you either on its own or together with other information for example your name and address.
There are two main reasons why GDPR has been developed.
The use of technology and the volume of personal information collected, processed and shared has risen dramatically over the last few years, and with it the risk of our personal information being misused has increased. Examples of high profile incidents involving personal information have recently been seen in the telecoms and social media sectors.
GDPR identifies a number of safeguards which organisations have to put in place to protect personal information, and gives you enhanced and new rights regarding how your personal information is collected, used, stored and shared.
For anyone who is questioning how EU law like GDPR operates post-Brexit, it was announced last year that a new Data Protection Bill will in effect implement the GDPR and will reiterate the UK’s commitment to the privacy principles enshrined in the EU regulation. The Bill will result in a new Data Protection Act replacing the 1998 Act. And as and when the UK leaves the EU the new Data Protection Act will replace the GDPR.
GDPR also provides the following rights to consumers
The right to be informed
What are we doing?
To comply with the GDPR YBSG has carried out the following:
- We have made updates to our policies and procedures to align with the stricter requirements of GDPR. We will enhance our processes to ensure your personal information is kept safe and should a problem occur we can fix it quickly so preventing unnecessary detriment to you. These improvements will be rolled out across our businesses prior to 25 May 2018.
- We work with a number of carefully selected parties who may process your personal information on our behalf. We have updated contracts with these parties to ensure they take the same level of care handling your personal information.
- We have trained our colleagues so they understand GDPR and can apply the regulation correctly when interacting with you and when handling your personal information.
- We have updated these between now and 25 May when the GDPR comes in to effect.
- We are appointing a Data Protection Officer to monitor internal compliance, inform and advise on our data protection obligations and act as a contact point for data subjects and the Information Commissioner's Office.