Data protection law: what protection is there for your personal information?

You may well have heard quite a lot about the latest General Data Protection Regulation, or GDPR. Now, updated laws require organisations, individuals and governmental bodies to handle your personal information responsibly and transparently. But what does that actually mean for your personal data?

A brief history of personal data protection in Europe

Nowadays, data in general, and especially personal data, is an increasingly valuable resource for business organisations operating across a wide range of sectors, as well as for social and governmental bodies.

Both individuals and organisations are vulnerable to data theft and the manipulation of information. So, clear laws on the protection of personal data are vital to modern society.

In 2016, the European Parliament created the GDPR, which was then brought into legal force in 2018.

The GDPR forms part of European Union law and contains key information about how personal data should be handled, both within the EU and the European Economic Area (EEA).

The new GDPR outlines specific guidelines for handling personal data within the EU and also stipulates legal conditions for sharing personal data from the EU to other global locations.

The GDPR: know your personal data protection rights

The UK introduced the Data Protection Act (DPA) in 2018. This data protection legislation is the UK’s individual implementation of the European law outlined by the GDPR.

In the UK, the Information Commissioner’s Office (the ICO) is responsible for championing the general public’s rights regarding information, including the processing of individuals’ personal data.

Any organisations that are responsible for handling, processing or storing personal information must:

  • Use personal data in a fair, legal and transparent manner
  • Keep personal data accurate and updated
  • Use personal information solely for clearly outlined aims
  • Securely delete any personal data or information that is no longer required by the business, individual or governmental organisation
  • Securely delete any personal information that is no longer relevant to, or required for, the purposes outlined
  • Handle personal data in a secure manner, in order to avoid illegal or unauthorised handling, alteration, damage, destruction, loss or access to the personal data in question

Under the GDPR, certain categories of personal information are more securely protected.

This increased legal protection applies to data regarding race, ethnicity, religion, political views, biometric information used for identification (your fingerprint, for example), genetic information, personal health records and information regarding a person’s sexual orientation or membership of a trade union.

Many organisations make effective use of individuals’ personal data to make all our lives easier. However, the GDPR exists for very good reason: data hacking is a real threat and there are some who would abuse access to others’ personal data to carry out criminal activities.

For this reason, the GDPR and the UK’s DPA outline the following basic rights regarding personal data protection.

Right to consent
You have the right to agree to the processing of your personal information. If an organisation is handling your personal data, they are obliged to provide you with this data under law. This process is usually free of charge, unless large administrative costs are incurred. If you request information, an organisation must provide the data within one month, or within up to three months for specific, more complicated cases. In these cases, the organisation must tell you why there is a delay.

Right to accurate information
You are legally entitled to be informed of how your personal information is going to be used by an organisation. This includes the handling of personal data in automated processes, as well as for profiling purposes.

Right to erasure
You have the right to remove your personal data from an organisation’s files if you no longer want them to store or process your personal information.

Right to amend or update incorrect personal data
You are entitled to keep your personal data up to date and accurate.

Right to restrict the processing or handling of your personal data
You have the right to decide who can legally process, store and use your personal data and to change your preferences as you wish.

Right to data portability
Organisations are legally obliged to allow you to access and use your personal data for whatever purpose you choose.

Personal data protection on the Internet

In our modern-day digital age, it’s increasingly easy to find personal data online.

Whether that’s usernames and passwords you save to access your online accounts more easily, or personal information that you share on your social media, we frequently share our individual data without thinking twice about it.

But there are less obvious ways we share our personal information on the Internet, too.

Many websites use cookies in order to enhance their users’ experience online, but also to collect personal information.

Cookies might track how much time you spend on particular pages, which screen layouts you prefer, which items you want to add to an online shopping basket… they’re versatile little things.

Cookies can also be used to include your personal information in publicity or marketing lists, or, for example, to show you specifically targeted adverts depending on your browsing activities.

You may have noticed that many websites now have clear pop-ups about their cookies. The right to consent comes into play here: these pop-ups will often ask you to accept a site’s cookies before continuing.

In accepting the cookies, you often accept that a site may use or process your personal information.

While accepting these types of add-ons and allowing organisations to safely and legally process your personal information might be totally normal, individuals should still be careful about sharing their personal data.

Given the normalisation of online data sharing, fraudulent scams often take advantage of our willingness to share our personal data with likely-looking organisations (your bank, insurer, or loans company, for example).

So, always exercise caution when using your personal data online.

Know your rights and the risks involved with sharing personal information: consult resources about the GDPR and the DPA, or the ICO pages for further information.