What is GDPR and what does it mean for the consumer?

The General Data Protection Regulation (GDPR) comes into force this year on 25th May and becomes European law. This covers the internet, e-commerce, online advertising, and the increase in data driven marketing.  This is an upgraded version from the Data Protection Act, which means companies face tougher fines for non-compliance.  The new Regulation also requires companies to report breaches to their regulators and to you as the consumer. This also includes and allows you to ask what other companies they work for and how this data is used. This area is of particular relevance to the financial services industry, when your medical information is required for financial protection policies.


Basically, billions of bits of your data are pinging around online, being collected and processed by hundreds of companies at a speed that has massively outpaced data protection laws across the globe. This is of concern when consumers learn more what can go wrong with their data and worry about the implications of their personal information falling into the wrong peoples’ hands. Cyber-attacks and ransom wear have been on the increase during 2017 and this set to continue during 2018 according the experts.


As mentioned above, these changes have been introduced following large-scale data breaches and it allows you as consumers to ask companies questions about how their data was obtained and it allows you to opt out of further marketing. You can also ask for your data be deleted.


The good news is that “spam emails” will become something of the past (unless you sign up for it). This means companies must obtain your explicit consent to send you any communications. They won’t be allowed to assume you agree to receive their material from them – you must absolutely “say yes”.


If a company sends you emails without your consent, they will be breaking the law. With the new legislation, you can request what data any business holds on you and this could take up to 90 days to receive this information.


All companies including Richmond House will have to be a lot more transparent about what information is held on you and the way businesses will use this data going forward. This covers everything you have on the internet from browsing history, shopping channels as well as sharing photos etc.


You have now established that GDPR is all about giving you total control over your data. When the legislation comes into force, you can take all your data from one company and transfer it to another, if you so choose to.


In summary, you will have much more control over your data, and have far stronger consumer rights than before. Overall, I think this makes a lot of sense as any data you provide from visiting various web sites is essentially about digital “you” – and that must be worth protecting!


Nigel Taylor Cert PFS, Dip FA


This information and comment is provided strictly for general consideration only. No action must be taken or refrained from based on its contents alone.