How will Brexit and GDPR affect UK data protection laws?

We have all been foolish one time or another, especially as kids or teenagers. With the invention of social media, what we say or do can last forever. The new GDPR law gives people more control over what happens with their information.

The new proposal is an upgraded version of the EU’s General Data Protection Regulation (GDPR).There are a couple of huge reasons why the UK is suddenly working on changing these data laws.

A lot of the changes are to do with Brexit - no surprise there! By May 2018, new cross-EU data rules are enforceable. As a third-party country, the UK will have to adopt a similar law to carry on sharing data post-Brexit. Under EU’s current laws, a third-party country needs to "guarantee an adequate level of protection for personal data".

The second reason is purely practical. The Data Protection Act hasn't changed since 1998. This was several years before Facebook even existed! How can laws from 20 years ago still be relevant now?

The reach of GDPR

When it comes to privacy, consent has to be explicit. A positive, obvious action. Likewise, it’ll also be easier to revoke the consent you have given to companies for use of your personal data.

‍An example of what NOT to do - customers cannot be opted-in by default

The definition of personal data is also changing. Soon, personal data will include your IP address, DNA and even cookies (the small text file kind, not the yummy chocolate chip kind).

GDPR will also make re-identifying people from anonymous data a criminal offence. No more piecing together anonymous data to identify peoples’ spending or browsing habits.

Tampering with data will also now be a criminal offence.

People will have more control over their information in general. They can ask organisations to state what personal information they have on file. Aside from asking for their information, people can also request for deletion.

Taking it a step further, people can ask companies to delete social media posts from when they were under 18.

The new legislation will have much heavier penalties of £17m or 4% of global turnover. This is a huge jump from the current largest fine of £500,000.

As much praise the new measures receive, there’s also been some criticism. Privacy groups won't have the right to make independent complaints against companies on behalf of consumers. This is an ability that privacy groups have in the EU version.

GDPR will definitely affect the majority of online businesses. Smaller companies might not know what’s required of them to be compliant with the new rules. It's important to know the tools you use on your website are GDPR-compliant as well as your own T&Cs.

We're not going to make any suggestions on what to do as GDPR is such a hot, unknown topic. However, we can recommend this website and PDF if you want to try and understand GDPR from a marketing angle.