Introduction

What is GDPR exactly?

The General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data. Our need-to-know GDPR guide explains what the changes mean for you as members and visitors to the AAD Consumer forum.

Europe's data protection rules are undergoing sweeping changes. To keep up with the huge amount of digital data being created, rules across the continent have been re-written and are due to be enforced. From May 25, 2018, the new mutually agreed European General Data Protection Regulation (GDPR) will update personal data rules.

GDPR will bring outdated personal data laws across the EU up to speed with an increasingly digital era. The previous data protection laws were put in place during the 1990s and haven't been able to keep pace with the levels of technological change.

When GDPR starts to be enforced by data protection authorities it will alter how businesses, like ours, can handle the information of their customers. GDPR also boosts the rights of individuals and gives them more control over their information.

Your Privacy & GDPR 2018

General Data Protection Regulation

The GDPR is Europe's new framework for data protection laws – it replaces the previous Data Protection Act 1998 (DPA 1998), which current UK law is based upon.

The EU's GDPR website says the legislation is designed to "harmonise" data privacy laws across Europe as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public as well as businesses and bodies that handle personal information, which we'll explain in more detail later.

After more than four years of discussion and negotiation, GDPR was adopted by both the European Parliament and the European Council in April 2016. The underpinning regulation and directive were published at the end of that month.

After publication of GDPR in the EU Official Journal in May 2016, it will come into force on May 25, 2018. The two-year preparation period has given businesses and public bodies covered by the regulation time to prepare for the changes.

So what's different?

In the full text of GDPR there are 99 articles setting out the rights of individuals and obligations placed on organisations covered by the regulation. These include allowing people to have easier access to the data companies hold about them, a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about.

Accountability and compliance

Companies covered by the GDPR will be more accountable for their handling of people's personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed.

Under GDPR, the "destruction, loss, alteration, unauthorised disclosure of, or access to" people's data has to be reported to a country's data protection regulator – in the case of the UK, the ICO – where it could have a detrimental impact on those who it is about. This can include, but isn't limited to, financial loss, confidentiality breaches, damage to reputation and more. The ICO has to be told about a breach 72 hours after an organisation finds out about it and the people it impacts also need to be told.

There's also a requirement for businesses to obtain consent to process data in some situations. When an organisation is relying on consent to lawfully use a person's information they have to clearly explain that consent is being given and there has to be a "positive opt-in".

Access to your data

As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals a lot more power to access the information that's held about them. At present a Subject Access Request (SAR) allows businesses and public bodies to charge people £10 to be given what's held about them.

Under the GDPR this is being scrapped and requests for personal information can be made free of charge. When someone asks a business for their data, the business must stump up the information within one month. Everyone will have the right to get confirmation that an organisation has information about them, access to this information and any other supplementary information.

The new regulation also gives individuals the power to get their personal data erased in some circumstances. This includes where it is no longer necessary for the purpose it was collected, if consent is withdrawn, there's no legitimate interest, and if it was unlawfully processed.

AAD & GDPR

The ICO says that "many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA)". It adds that for businesses already complying with the current data protection law, it's highly likely they will be meeting many of the GDPR principles.

This statement applies to AAD because not only have we been registered with the ICO from day one but we've also updated our own terms and policies to reflect the changes in law.

You can find out more about the specific ways in which we deal with your personal information by visiting our dedicated policy pages:

- Privacy Policy

- Cookie Policy

- Privacy Preferences

- Terms & Conditions

We strive to remain compliant with all relevant laws and processes. However, if you feel that we've done something wrong or let you down with the way in which we process your personal information, please let us know by sending us a Secure Online message.

More information

We don't claim to have all the answers. In between a lot of GDPR hype there are some incredibly useful resources that have been published on the regulation. Search the internet for GDPR to find out more.

Site Information

Contact Information

If you'd like to discuss this policy or query anything in it, please send us a message using our Online Contact Form or contact us using the details below:


hello@all-about-debt.co.uk

Data Protection

We are registered with the ICO as a data controller because we collect and store varying pieces of information when you use our website or contact us. Full details are available in our Privacy Policy.


Our Data Protection Registration Number is: Z3513615.
