What GDPR means for you

Open navigator

1. Data in Tomorrow's World

Thanks to technology we now generate an enormous digital footprint just living our daily lives. We are creating data 24/7.

When we shop, access healthcare, donate to charity, use public transport, pick music, sleep (our phones can monitor sleep patterns) - we are making data all the time. And it's incredibly valuable, fortunes have been made by companies and individuals.

The issue though is, although it's about us, for the most part we don't really control its use, or even own it. And often we've voluntarily given it away for what might seem like little in return.

2. What is GDPR and why should I care?

Have you started receiving emails and letters from companies and organisations asking you to update your preferences and permissions on what they send you?

This is because the EU's General Data Protection Regulation (GDPR) is changing how companies and individuals collect, store and share data about us. The new law will apply in all EU states from 25 May 2018.

According to the EU, the regulation seeks to 'harmonise' previously disparate data privacy laws across EU member states, whilst also giving greater protection and rights to citizens.

We now have more control over how organisations use our personal information, or data. Which is important, as data is big business.

Under the new rules, companies who rely on an individual's consent to collect their data will face tougher restrictions.

The GDPR says customers need to actively opt in. Companies need to use language that is easy to understand, and tell people they can withdraw consent at any time.

Firms must also report any data breaches to authorities within 72 hours.

Organisations failing to comply with the regulation could face fines of up to about £17.5m, or 4% of a company's global turnover, whichever is higher.

As we produce more and more data from an increasing number of devices, the GDPR is an opportunity to bring data protection rules up to date with the amount of data we’re producing.

3. GDPR - What you need to know

BBC Radio 5 Live: Your data protection questions answered

4. Data danger

The GDPR comes into effect just as a series of data controversies from some of the world’s biggest tech companies, most notably Facebook, have been in the news.

In April it was claimed political consultants Cambridge Analytica had improperly used the data of 87 million Facebook users.

This data helped shape a number of targeted political adverts that were delivered on Facebook.

The story has thrust the holding and use of data - and the question of who really owns it - in to the spotlight.

5. Why your data is valuable

To many of us, our name, address, tastes and beliefs feel like our own… because they are. But when you consent for this personal information to be used by an online service, the question of ownership becomes more ambiguous.

Free online services are generally funded by advertisers, and advertisers like to sell stuff. Advertisers are even better at selling stuff when they know you’re more likely to buy it – you’re essentially making their job a lot easier.

So, when advertisers are given a platform like Facebook, who have a database of over 2 billion users and their interests, it’s an offer that’s too good to refuse and they’ll pay good money for the privilege of advertising there.

During his testimony to US Congress following the Cambridge Analytica scandal, Facebook CEO Mark Zuckerberg was very explicit about his company’s use of users’ data in relation to advertisers.

“There is a very common misconception that we sell data to advertisers, and we do not sell data to advertisers. What we allow is for advertisers to tell us who they want to reach and then we do the placement.”

In other words, Facebook might not sell your data to advertisers, but they are still profiting from it.

And what’s your take from all of this? Free access to Facebook. To some that might seem like a fair deal, but to others it may feel like you’re being short-changed.

Facebook’s market value passed the half-a-trillion dollar mark in 2017.

6. Data for good

So, your data has value. That’s evidenced by the financial valuations of the companies that rely upon it.

But does the value of data have to be inherently monetary?

What if your data could be used to save lives?

Baroness Tessa Jowell became the first person to donate her medical information to a new global database in April 2018.

The former-culture secretary, died from a brain tumour on 13 May. She donated her medical information to the Universal Cancer Databank – a worldwide database project set up by an Australian billionaire.

Researchers will be able to access the anonymised data in the UCD for free.

It is hoped that more effective sharing of cancer patient data around the world will help researchers to eliminate the disease.

7. Your data, your future

Already, efforts are being made to help share our data for a medical good. But how much further can we go?

What if you could donate your data to a charity of your choosing just as you would donate money today?

As GDPR rolls on, and requesting your data from the companies that hold it becomes easier, so too should be the ability to transfer it elsewhere.

And as the regulation also threatens increased penalties to companies and individuals who mishandle your data, trust in those organisations should begin to be restored.

So, if it becomes technically easier for you to control data about you and there is less chance of it being mishandled by who you give it to, exciting opportunities could become available.

But the choice is ultimately ours. GDPR gives us the tools to take control over our personal information, but disinterest and apathy may threaten its influence.

It took the apparent improper sharing of 87 million Facebook users to get #DeleteFacebook trending. Will it take another breach on the same kind of scale to focus our attention on the importance of data again?

The GDPR will change the law, but we are responsible for the direction it will take us in.