In May next year, the General Data Protection Regulation (GDPR) will replace the current Personal Data Act. GDPR affects all businesses that deal with personal data, and has been one of this year’s hottest topics in the IT world. Breaking the regulation can result in incredibly high fees of up to four percent of the company’s overall turnover. This is the reason for the current discussion mainly revolving around how companies are to avoid being liable of payment, rather than the actual purpose of the regulation – to protect the privacy of the citizens.
GDPR will replace the current national legislation, where each EU country has their own rules to take in consideration. Below are the most important aspects that you as a customer should be familiar with in order to gain control of your personal data, how it is used and by whom.
Possibility to move one’s personal data
Regardless if a company is based in the EU or not, they will need to implement the right to data portability. This means that individuals have the option of moving their personal data from one provider to another. Digital giants will as a result of this not be able to deny the customer access to their personal data, something that they previously controlled. This gives you increased power to choose who can use your personal information and for what purpose.
The right to be forgotten
With GDPR people have the right to ask providers to present the personal data that they have access to. People can demand to get excessive data erased, for example when the information no longer fills the same purpose as when it first was collected or treated.
More difficult for companies to use your information for marketing purposes
Data profiling means that providers use and treat personal information in order to evaluate a physical person’s personal aspects. Especially to analyse and predict things such as a person’s performance at work, financial situation, health, personal preferences, interests, behaviour or geographic location – with the intention of using it for targeted advertising.
If companies are going to use personal information with the purpose to adjust their advertisement and marketing, it needs to be clear, so that customers are aware of what they are signing up for. With these new regulations, providers will not have the right to demand access to data as a condition for you becoming a customer.
Which personal information a company has the right to demand depends on the company’s objective. This is why it is important to understand which data a specific company requires and for what reason.
In conclusion, there will be more information to form an opinion about prior to registering yourself as a customer. The information is meant to be easier for you to understand and as a consumer, you will know which personal information the provider has about you and how it will be used.
More power to the customers
-Today power doesn’t lie with the customer but rather with the companies that use personal information for marketing purposes and selling processes that go on without the knowledge of the customer. GDPR will not only give customers more and more extensive information regarding their personal information – it will also give them control over the data and the power to use it. This is an exciting challenge for EnterCard that will contribute to an increased transparency towards our customers and hopefully a stronger customer relationship, says Carina Björkefors, Chief Operations Officer at EnterCard.