Today is an important day for data protection as the UK’s new data protection laws, and the General Data Protection Regulations (GDPR), come into force. The charity sector needs to make sure that it plays its part in being compliant with the new rules.
I’m sure that many of you will have either been involved in sending emails or received some yourselves, from companies asking if they can stay in touch.
Of course there may be some irony in the fact that before you gain greater control of your data, you have been contacted by mailing lists you might have forgotten you ever were on, but look on it as the last roar of the dinosaur. The days of companies assuming your consent, and being free to do with your data as they will are ending. We are handing control back to you.
Within the charity industry I am pleased to say that there is already a good amount of awareness about the new rules. Lower income charities are less likely to be aware of the changes than higher income charities, so there’s clearly more work that needs to be done.
But there is help at hand. Anyone in the sector with concerns about being compliant with data protection laws should contact the Information Commissioner’s Office. They are there to help with a range of useful information online about how to become compliant and a dedicated phone line offering advice and support (www.ico.org.uk/for-organisations/business).
The GDPR is something that we all need to be aware of - both as business leaders and consumers.
For example, the alleged abuse of data exposed during the Facebook and Cambridge Analytica scandal must never happen again. Our data protection laws were last reviewed in 1998, in the days before digital became default in society, but now, recognising the revolution that has happened since, we are making them fit for the twenty-first century. This week our Data Protection Bill has received Royal Assent, updating and improving our data protection laws and making sure that they are aligned with the GDPR which also come into force across the EU today. The UK has been a leading member on the new rules and the Information Commissioner’s Office played a vital role in their development.
That is a good thing for everyone.
There is a risk data is becoming a dirty word, the stuff of exposés and scandals. That perception would be very wrong. Used responsibly, data is the lifeblood of a digital economy and key to unlocking prosperity and success. The UK tech sector is booming, and outperforming the rest of our economy by some margin. It is spreading wealth and employment far beyond the capital, which some might imagine is the traditional home of tech, to what Tech Nation recently branded our “Silicon Suburbs”, with notable growth in towns like Guildford, Enniskillen, Reading, Telford, Burnley and Slough.
Our digital businesses rely on the collection of data to be able to push ahead with the innovative work that is driving such success. Without your data, firms you may already use - perhaps the parking apps JustPark, who can help you find parking spaces in big cities and save you money along the way - would struggle to make their models work.
New technologies such as artificial intelligence, augmented and virtual reality and blockchain, which makes cryptocurrencies such as bitcoin a reality, will even further transform the ways we all work and live. UK start-ups like Verv, who are using AI to manage energy bills and reduce carbon footprints, or the cybersecurity firm Darktrace, who have just been valued at over $1 billion (what the tech community call a Unicorn company, because the valuation is so rare) will also need your data to be able to continue with the brilliant work they’re doing. IntelligenceX even claim to have produced the first beer brewed using AI, so the potential applications are truly diverse.
This revision of our data protection rules should help them as much as you by securing public trust in how data is used.
Our new laws will give the UK’s Information Commissioner, Elizabeth Denham, much greater power to act swiftly and proportionately in cases of a data breach as well as providing education, awareness and support. She will also be allowed to carry out “no notice” inspections, with the threat of criminal convictions for those who fail to comply. But charities should be reassured that in many cases they will not require active consent to contact supporters on their databases. Consent is just one of the lawful bases for processing data, and many companies will still be able to process data, contact customers and supporters on the basis of a legitimate interest.
Among the new, more stringent measures that are coming in, we are giving you the right to be forgotten and to ask for your personal data to be erased. If you are young enough to have grown up with the internet, that includes the right to ask social media platforms to delete anything you might have posted in childhood. Those of you who are grateful to have made your youthful mistakes pre Instagram and Twitter can imagine how welcome that move will be.
We are also ending the reliance on those preselected tick boxes whereby companies assume your consent to their policies. The great Tom Waits once sang, “The large print giveth and the small print taketh away”, and we know people rarely read the small print. From now on companies will need your explicit consent before they can make use of your data.
So make sure that you and your business is aware of the GDPR. It’s an important step forward in data protection and something that everyone needs to play their part in.
For more backround on GDPR, download a selection of three in-depth articles from our magazine archive. For the latest news and links to guidance visit our online hub.