The recent news around Facebook and its improper handling of user’s personal information has caused many to wonder about how any corporation, big or small, can be trusted. Zuckerberg’s “inaugural” examination in front of US lawmakers left many people questioning just how personal information, in an information age, can be properly controlled. The key issue here is trust and the GDPR is here to help restore it.
For those of you who might be unaware, GDPR stands for the General Data Protection Regulation. It’s a new set of regulations that will affect how an individual’s personal information and privacy is obtained and managed. Taking effect across the EU, it will affect those living within the EU, as well as any company inside or out of the EU that controls or processes the personal information an individual living within the EU.
It will be instilled in law from May 25th, 2018.
As a worker, you might be wondering what on earth this means for you. Here’s a breakdown of what the GDPR regulation entails, what you need to be aware of and how companies, such as GIG, are complying with the new standards.
What is the GDPR and what is “personal” data?
The GDPR is designed to protect and empower all EU citizens data privacy, reshape the way organisations approach, obtain and manage an individual’s personal data, as well as harmonise a number of privacy laws already in place. It’s here to help YOU, the consumer.
When it comes to defining your personal data, the new legislation refers to it as:
“Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.”
It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address. Essentially, ANY information about YOU is your personal data.
Right, so what’s actually changed and what are my rights?
Firstly, here are some key words to understand:
Data Controller (the Facebooks, Deliveroos and Amazons, ASOS’, and even GIG’s of the world who actually take/receive the information of their customers or clients) Data Processor (the company that takes this data and quite literally processes, typically for advertising and re-targeting purposes)
The new law will give consumers a number of empowering benefits, including:
Right to Access – You can now receive all of your personal data from the data controller by law and find out how your data is being processed and for what purpose. The controller must provide this as soon as possible, free of charge.
Right to be Forgotten – Also known as Data Erasure, you can now request a data controller to completely erase your data, cease further dissemination and have third parties halt the processing of your data.
Right to Rectification – You can now request inaccurate information either completed, changed or deleted. Incomplete data may also be rectified upon request, but this may depend on the purposes for processing.
Data Portability - You can now simply take your data away from one controller and share it with another. It’s your information so it’s up to you who you share it with.
Improved standards for consent - companies will no longer be able to use illegible fine print in their terms and conditions. Consent must be clear and distinguishable and use clear and plain language. It must be as easy to withdraw consent as it is to give it. It’s a big change and it ensures you’re completely aware of what, why and where your personal information is going.
One of the most fundamental changes the GDPR has made to the regulatory landscape for data privacy is the expanded jurisdiction of the law itself. It now applies to all companies processing data from subjects living within the EU, regardless of location – meaning companies based on the other side of the world are also accountable for how they manage your data.
Is this going to revolutionise how companies operate with me?
The changes in the GDPR won’t dramatically change the way companies, especially within the recruitment sector, operate day-to-day. Instead, it ensured consumers, such as yourselves, with more control and power over your personal information. It’s legislative change that brings the balance of power back to the information age.
The GDPR is here to help you, the consumer, take control of your personal information. In an age where consumers are becoming increasingly sceptical and distrusting of how companies use personal data, the legislative changes couldn’t come at a better time. The ability to restore faith and reduce cases, such as that of Facebook, lies in the GDPR and its power to give YOU the control you deserve.
Here at GIG, we’ve taken on-board all the requirements needed for compliance and ensure your data won’t be shared with any third-party organisations for processing. Under the new law, we will provide a detailed, clear disclaimer that will inform you of why your data is obtained and what we’re doing to ensure it remains confidential and ethically managed.
If you have any questions regarding the new GDPR changes, please get in touch with firstname.lastname@example.org