The new data protection

The GDPR will introduce new rules which fit our digital-based society, providing increased awareness and brand new opportunities both to consumers and organisations

Winds of change and improvement are blowing for data protection, to give consumers the right to know how brands use their personal data.

The need for a deeper understanding of how organisations use personal data was widely discussed during the Direct Marketing Association (DMA) Annual Conference on Data Protection, held at 30 Euston Square in London on the 24 February 2017 with guest speakers the Information Commissioner and leading speaker Elizabeth Denham, Sanjeevan Bala of Channel 4, entrepreneur Gavin Starks, Vodafone's Jo Blazey and expert on European data protection Ardi Kolah. As described during the conference, as time changes and societies grow, new controls of sensitive information are strongly needed.

Elizabeth Denham, UK Information Commissioner since July 2016, explained that the role of the Information Commissioner’s Office (ICO) is much more than just dealing with complaints and fines: it also has an educational role. “I want to talk about the benefits of best practice, about the changes GDPR will mean to your industry, and about what you can learn from other sectors”, she said.

The General Data Protection Regulation (GDPR) will reinforce European data protection and will apply in the UK from May 2018, but will not be affected by the UK’s decision to leave the EU.

Born to guarantee consumer rights in a rapidly changing society, the GDPR is there to bring the law up to speed. “The world has changed a lot since 1995, not only technology, but your own business models, people’s attitudes to their data, their demand that their information is properly looked after. The law needed to change too”, said Denham.

In order to preserve these rights, the GDPR will give consumers more control over their personal data. “Consumers and citizens will have stronger rights to be informed about how organisations use their personal data. They’ll have the right to request that personal data be deleted or removed if there’s no compelling reason for an organisation to carry on processing it”, Denham explained, emphasising organisations’ responsibilities to respect and preserve consumers’ privacy.

If businesses fail to protect consumer data, this leads to a lack of trust.

Ardi Kolah, executive fellow and programme co-director at Henley Business School, said businesses should focus on trust in order to protect their own interests in his speech at the DMA Conference. It cannot just be a focus on regulation, but also on reputation, Kolah said: “There are two main ways to build trust: permission and transparency”.

Moreover, Denham said the introduction of the GDPR will give businesses an opportunity to offer consumers innovative products and services: the possibility to access and use their own personal data. “They’ll have the brand new right to data portability: to obtain and port their personal data for their own purposes across different services”, she said.

The GDPR will make organisations more aware of their data protection responsibilities and avoid fines or loss of citizens’ trust in the future. “The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks”, explained Denham, “It means taking proper consideration of what your customers expect”.

“The DMA Code aspires to a higher standard than the law requires. It emphasises fair treatment of customers, and – crucially - it appreciates that the customer-business relationship is a value exchange that both parties should benefit from”, she said.

Denham also mentioned the charity sector, under fire since ICO investigations uncovered serious contraventions of the Data Protection Act over the past 18 months. A number of charity organisations used data to create wealth profile lists of people to market to. “There were contraventions that undermined fundamental privacy rights of donors”, Denham said.

The GDPR aims to achieve better protection of personal data and consumers’ rights, representing a fundamental change in the way companies and citizens use and collect data. “I am committed to do everything I can to improve the state of trust that citizens and consumers have in the use of their data”, Denham said. As society develops, these winds of change will powerfully blow to reinforce the relationship between consumers and organisations, breathing new breeze in our perception of privacy and citizens’ right of protection of personal data.