The rules around how organisations collect, store and use your personal data are changing. Select Property Group Director Giles Beswick outlines some of the key elements you should be aware of.
It’s an abbreviation that seems to have filled business page column inches and emails within our inboxes for months now, and in recent weeks has even been making headlines in the mainstream media.
Business owners and consumers have heard lots about GDPR – General Data Protection Regulation. And soon this new piece of regulation will have to be fully adhered to by all businesses, public authorities and charities, big or small.
The official regulation outline from the European Union (EU), which you can read here, is 88 pages long and contains nearly 100 articles. Naturally, trying to condense every detail about the new directive into an article of readable length would be a challenge! However, below I’ve outlined some of the key information we here at Select Property Group have been communicating to our clients, and what is most relevant to you.
What is GDPR?
It’s the EU’s new framework for data protection laws which is now being implemented and enforced in each member state.
In reality, GDPR’s introduction is long overdue. The current UK data protection law is based on a directive drawn up in 1998. The idea of being protected by a law that came into force at a time before Google was even born now seems somewhat antiquated.
After more than four years of negotiations and talks, GDPR was finalised by the European Parliament and European Council in April 2016. It will come into effect on 25th May 2018, meaning businesses need to be fully compliant by this deadline.
These new laws fully protect all EU citizens, regardless of their location. For example, if you’re a British passport holder, your
personal information should be better protected under GDPR, regardless of whether you reside in the UK or anywhere else in the world.
GDPR will redefine what your ‘personal data’ means, including images captured on CCTV, and much of the ‘hidden’ information you might give to organisations which they use to profile their customers. This includes information about which other companies’ products and services you might be using and your location, both of which may be collected through your smartphone use.
It also places obligations on any organisation you give your details to (known as ‘Data Controllers’) to be very specific about how long they are keeping it, the purposes for which they will use it, and the measures they will put in place to protect it. This applies to all data controllers – your bank, your favourite ecommerce site, even your government.
In the UK, the government has drawn up a new Data Protection Bill, which will implement GDPR into UK law, and it was published in September last year.
The changes come following a number of high-profile data breaches in recent times, including those that affected LinkedIn, Uber and Yahoo customers in 2016 and 2017.
While there are of course many intricate details outlined in the new regulations, the main changes to be aware of centre around:
- Enhanced rights and freedoms for all EU individuals, or ‘Data Subjects’, giving them more control over how their personal data is used
- Tighter controls on organisations to know what personal data they are storing, where it is stored, how it is safeguarded from misuse, and recording clearly and unambiguously the purpose and basis on which they are using it
- Tougher sanctions that the regulators in each EU state can impose against businesses that don’t comply
Greater access to your data
Currently, you are perfectly entitled to ask a company for information regarding what personal data of yours they have stored – for a small fee. For example, if you wanted to ask your favourite online store what information of yours they have on file, you can submit a Subject Access Request (SAR) and, for a £10 fee, they would be obliged to tell you what personal data they are holding.
Under GDPR, not only is your request for personal data to be complied free of charge, but the timescales for providing have been shortened. There is also a new right to request your personal data to be erased – the so-called ‘right to be forgotten’ – which already has a slightly controversial case history.
Businesses face bigger fines if they don’t shape up
Should your personal data be compromised in breach of GDPR guidelines, businesses now stand to be hit hard with large fines. They are designed to act as a deterrent to some of the sloppy and negligent practices and, in some cases, abuse of individuals’ rights that have been all-too common in the past.
The Information Commissioner’s Office (ICO), the organisation responsible for enforcing GDPR laws in the UK, has the authority to carry out a criminal investigation on any businesses they have reason to be believe is flouting regulations.
Smaller offences alone could result in fines of €10 million or 2% of a company’s global turnover. The latter could rise to 4% for more serious misdemeanours.
The signal sent by GDPR as an ‘upgrade’ to the current Data Protection Act is clearly that holding personal data is a privilege, and organisations that hold it had better take their responsibilities more seriously.
Is it all about consent?
Provided that an organisation is “fair, transparent and accountable”, the ICO states that a business can also process your personal data if it’s deemed of ‘legitimate interest’. For example, here at Select Property Group we could send you an email about our latest investment opportunity in Manchester on the bases of assessing a legitimate interest if you have recently downloaded a Manchester investment guide, or attended one of our city-specific investment seminars, or previously bought a property in Manchester from us in the last few years.
Where a company is relying on your consent to market their products and services to you, GDPR outlines that the consent you give is “freely given, specific, informed and unambiguous”.
The ICO’s full guide on consent can be found here.
What about Brexit?
Of course, the UK will soon be leaving the EU. But this is irrelevant – Britain still needs to be GDPR compliant. Even though the UK is likely to no longer be part of the EU by 2021, the UK has committed to GDPR regulations, meaning that a business must ensure that it handles your personal data in a way that is fully GDPR compliant irrespective of Britain’s future exit from Europe.
We live in a world where we share more information about ourselves than ever before. Whilst for previous generations the thought of sharing our photos and addresses (whether physical or electronic) may have been regarded as completely intrusive, today billions of people freely share this kind of information with their friends on social media and with the businesses that they buy goods or services from.
However, in return, it is vitally important that businesses are completely transparent about their intentions and protect this precious data carefully. GDPR is an essential framework in
ensuring that our personal information is not compromised in a way that could cause us any loss or suffering and, if it is, that the business responsible will be hit with severe punishments.
As a company that regularly communicates with its clients all over the world using the full spectrum of electronic media, at Select Property Group we have proactively been working on ensuring we meet GDPR standards for months, working with legal experts to ensure our customers can trust us with their personal information. Before the 25th May deadline, we will be contacting our investor base further and providing them with more information they will need to reaffirm this trust between us.
Please keep an eye out for any future communication from us as we take this stuff very seriously. In the meantime should you have any further questions about GDPR, either myself or one of the team would be happy to try and answer them. Please contact us at email@example.com for further information.
Want to keep receiving insight like this straight to your inbox?
We strive to share insights and information that will help anyone looking at property investments to make better-informed decisions and maximise market opportunities.
By accessing this free service, you can expect to receive the following from us from time to time:
- Insights into the financial markets, budget announcements, tax and legal changes and other key market forces
- In-depth reports on trends impacting property investments strategies
- Invitations to exclusive Select Property events
If you would like to better manage your preferences about what you’ll receive from us in future, you can do so by clicking here. You can unsubscribe from receiving this information at any time.
We look forward to connecting with you again soon.