Did you know that we’re about to get many more rights to protect our privacy that could change the way we protect our identities forever? You could almost see these rights as an invisible revolution as so many of us are unaware what the general data protection regulation (GDPR) means to us as individuals. It’s hardly surprising – the terminology is hardly engaging as it’s language you’re more likely to find in a lengthy legal document as opposed to an inspiring activist manifesto. However let’s stop a moment and reflect on what these enhanced rights mean.
It’s time to get to the bottom of what we’re worth in the age of the internet. Depending on what you use the internet for it’s likely that you’ll have established at least one personal profile, probably many more, and most of us curate an online version of ourselves through social media via images and words. Yet seemingly unbeknownst to us we are tracked daily by a myriad of companies who are interested in analysing our behaviour and interests online. Some of these companies will be organisations with whom you have knowingly shared your data, but how many of us really know who and what happens to our data once we share it?
During our recent Tech for Good Bath meeting Karen from Wood for Trees stated:
“I have read the terms and conditions’ is one of the most commonly told lies today”
I think she’s right. But does our blasé approach to T&Cs indicate a lack of understanding about what we’re agreeing to, and more to the point are we holding organisations accountable for protecting our identities?
It’s time we take our own personal and sensitive data seriously. GDPR will place considerable accountability on organisations who hold your data, but the biggest change will come when we as individuals understand the value of our personal data and start to demand it is looked after securely and responsibly. In the future the mark of a trustworthy and transparent business will be one which can clearly demonstrate why it asks for your data and what will happen to it once they’ve collected it.
Just as we shield our pin numbers when we take out cash and keep all our financial documents in ‘safe places’, so too we should protect our identity and information online. The starting point is to know our rights, and exercise these rights regularly. Start to make it a habit, every time you enter your personal details, to check that an organisation is protecting your rights.
So in brief, here are the new rights you’re going to receive in May 2018. Get to know them so you can start exercising them, to protect that valuable personal data in the future:
- The right to be informed
You have the right to be clearly and transparently informed about how the data you provide will be processed. This will usually be communicated in the form of a privacy notice. Every website that collects your data, will (should) have a privacy notice easily accessible which will determine how and what they do with your data.
- The right of access
You have the right to access your personal data held by any organisation and verify the lawful basis of why your data is being processed.
- The right to rectification
You have the right to correct and/or update your information if it is incorrect or if your situation changes.
- The right to erase
You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- The right to restrict processing
You have a right to ‘block’ or suppress processing of your personal data.
- The right to data portability
You are allowed to obtain and reuse your personal data for your own purposes across different services. You can move, copy or transfer personal data easily from one IT environment to another.
- The right to object
You have the right to object to the processing of personal data based on legitimate interests, direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
- Rights in relation to automated decision making and profiling.
You have have the right NOT to be subject to a decision when it is based on automated processing and it produces a legal effect or a similarly significant effect on the individual.
This is indeed a revolution. We have been given enhanced rights to protect our privacy, but it’s up to us, to you. We have to take ownership to protect and define our identity and data online and the law is giving us the control to do so.
Take just a bit more time before you tick those T&C’s…make sure you know what you are giving away and why. It’s your story.
For the latest updates on forthcoming legislation, visit the Information Commissioners Office (ICO), and access the support they provide through their helpline and online chat.