In the last few weeks many of us have been receiving emails and other communications from businesses asking for us to reply to say that we still want to hear from them. This is down to a new piece of European legislation known as the General Data Protection Regulation which is coming into force on 25 May 2018. The UK government has already said that it will continue in force after Brexit.
Most of the existing data protection regime is 20 years old, before social media and in the early days of the internet, for most people. The recent furore around Facebook and Cambridge Analytica has raised awareness of how our data is a valuable commodity and can be traded and used in all sorts of ways we are not aware of.
The GDPR means that for many communications (not just email) we will need to positively opt in, rather than our consent being taken for granted. It strengthens individual’s rights to protect and manage their data.
For businesses dealing with consumers it is both a threat and an opportunity. There are increased enforcement powers (including an increased limit on fines) for the information commissioner’s office. However, the greater risk to most businesses in this social media age is reputation and potential loss of business, if there are breaches. When TalkTalk had some data security issues a few years ago, the fine received was dwarfed by the business that was lost afterwards.
The opportunity for businesses is that individuals may become more discerning in who they deal with and robust data protection may differentiate a business from its competitors. Data protection is likely to be a major issue for some time to come. If you are running a business and don’t know where to start, contact the Chamber who will be able to point you in the right direction.
David is a Commercial Solicitor and Partner and has been proactively involved with Lancaster & District Chamber of Commerce for many years. He has been advising small and medium sized enterprises on all manner of legal issues for over 15 years.