If you’ve recently received an email from us, you might be wondering why we’re asking you to re-subscribe to our newsletters. The reason is the EU GDPR.
The GDPR (General Data Protection Regulation) comes into force on 25 May this year. It replaces all national data protection laws in the EU and applies to any organisation storing, processing, or otherwise handling the personal data of EU citizens. It will continue to apply after the UK has left the EU.
In large part, GDPR builds on the existing Data Protection Act (1998). However, it also expands our rights as data subjects, raising the level of protection and consent required. Email subscriptions must be entered into by double opt-in, for example. This is why we’re asking you to re-subscribe, so we can ensure that we are holding your data with your explicit consent, in line with the new regulation.
The other major changes the GDPR enshrines in legislation are:
The Right to Be Forgotten
Upon request, any organisation holding your personal information must erase it, including all copies, on all devices.
Right of Access
Your personal data must be provided upon request. Further, you have the right to data portability, i.e. to transfer that data to any other product, service or organisation, at your discretion.
Right to Restrict Processing
You have the right to prevent organisations from processing your data in any way. You have the right to rectify or correct any inaccurate or incomplete data.
For the UK, GDPR is the biggest change in data protection legislation in 20 years. The penalties for non-compliance are steep: up to €20m or 4% of global turnover, whichever is higher.
We fully support the new regulations. We recognise that the data we hold for our clients is often highly sensitive, and we are committed both to keeping your data safe and to taking the appropriate steps to comply with the new regulation.
For more information about the GDPR, visit the ICO website.