What is GDPR and Why Does it Matter?
Confidentiality has been a hot topic for many years, especially since the General Data Protection Regulation (GDPR) came into force in May 2018. For many people in the business world, GDPR is viewed as yet another complicated piece of red tape introduced by the EU that adds to their already overburdened workload. For others, it’s a welcome piece of legislation that makes organisations more accountable in their handling of personal data. This provides much-needed protection from prying eyes, especially when we consider the potentially devastating effects of data breaches.
In this blog, we’ll look at the main reasons why GDPR matters, and whether it’s still being enforced in the UK now that Britain has left the EU.
Who Wants to Know?
We’re currently in what’s known as the Information Age, which began in the mid-20th century with the rapid development of digital technologies such as the computer, the internet, and smartphones. This age is characterised by a shift from the more traditional industries to an economy based increasingly on information technology. In this data-driven world, one of the most valuable commodities is information about individuals, and businesses are willing to pay a high price to attain that data.
Armed with knowledge about someone’s age, gender, income level, ethnicity, spending habits, and many other pieces of personal information, an organisation can target exactly the sort of person they’re trying to appeal to with their products or with their message. This kind of targeting saves huge amounts of expenditure on wasted marketing efforts and dramatically increases the profits or outcome goals of that business or organisation.
I’ve Got the Power
It was in 1597 that Sir Francis Bacon wrote the words: ‘knowledge itself is power’ in his work titled Meditationes Sacrae. This has been proven true today when we see that the most powerful and financially successful organisations are the ones that hold the most data, or knowledge, about individuals around the world. From government agencies to large digital companies like Meta (previously Facebook) and Google, all the way down to the smallest businesses keeping handwritten records about their customers, knowledge is the means to access the power to be successful in their industry.
When we learn that someone else possesses all this power, we can feel more than a little overwhelmed. However, GDPR was created primarily to protect and strengthen the privacy of citizens’ data, and to reshape the way that organisations approach data privacy. Under these regulations, any organisation in the EU must adhere to strict guidelines and respect any individual’s desire for any parts of their information to be included in or removed from that organisation’s databases.
GDPR compliance also prevents an organisation from selling or passing on any information about an individual to a third party without first gaining their consent. This puts the power back into the hands of the individual when it comes to their personal information.
Keeping it Confidential
One of the most common things we see when filling out forms these days is the ‘consent’ section. Any form of data-gathering about an individual must include a choice to opt in or opt out of receiving communications from the organisation and any other third parties. The individual must also be made aware of who these third parties will be so that they can make an informed decision. Additionally, at the time of entering this information, the individual must be informed about how to request that their information be removed from that organisation’s records and databases.
Once an individual has provided their personal information, the organisation must then store and handle that data responsibly. This means that all data protection systems and protocols must be robust and kept up to date to be fully compliant with the current form of the GDPR legislation. The danger of not having strong enough security measures in place is that serious data breaches can occur, as in the following article from The Independent in 2020: British Airways fined £20m for data breach affecting more than 400,000 customers.
What Protection Do We Have Now After Brexit?
The EU GDPR, being an EU Regulation, no longer applies in the UK since Brexit was finalised. However, any business or organisation operating within the UK needs to comply with the Data Protection Act (2018), and the same provisions legislated in the EU GDPR have now been incorporated into UK law as the UK GDPR. Therefore, all of the regulations stay the same, and the UK also has the independence to keep the framework under review.
The UK GDPR is enforced by the Information Commissioner’s Office. For more information read their webpage: Overview – Data Protection and the EU.
Around the world, other countries will have their own regulations for data protection, and these should be examined if you or your organisation needs to provide information in those places.
Stay Informed
At McGowan Transcriptions, we have always taken the confidentiality of your data very seriously. We regularly examine our data protection systems and protocols to ensure we are fully compliant with current legislation, and we have always been rigorous in complying with the Data Protection Act. We are also Cyber Essentials certified. The UK GDPR also means that we need your consent to use your data to communicate with you.
When you’re on our mailing list, we occasionally send email updates that we think will be relevant to you. If at any time you’d prefer not to continue receiving these, we do include the option to unsubscribe at the bottom of each email communication. Please note that McGowan Transcriptions will never share your details with third parties.
Written by Paul Dyson
May 2024