Confused about what the new data and privacy rules will mean for you? Guy Beresiner explains all you need to know about GDPR.
New privacy law: what has changed?
In short, the General Data Protection Regulation (GDPR) is a much-needed overhaul that replaces the Data Protection Act and will give you far greater control over how organisations can collect, store and use your personal data.
How does this affect you?
For companies, it’s hugely significant as many have to face the stark fact that their existing processes are unlawful, unless they adapt them to meet some very stringent rules.
It’s an indication of how needed this regulation is that every major organisation has faced considerable challenges in changing how they process personal data.
And to ensure they do not shirk their obligations to do so, the GDPR has lifted the cap on the fines for its breach, to an eye-watering €20 million or 4% of global turnover, whichever is higher.
Why is GDPR needed?
What does this mean for your data?
Momentously for any digital business, the GDPR defines data collected online, even if it does not contain any directly identifiable information about a person such as an email address, as personal.
And as such, it is prescriptive about the rights people have to know about and control how it’s collected and processed.
This means data such as cookies are no longer accepted as anonymous and must be respected as personal, and organisations that collect and process it are obliged to honour a range of powerful rights that have been conferred on people.
How will it work in practice?
The foundation of all these rights is that an organisation must justify a lawful basis before it collects and processes any personal data.
Sometimes this is obvious; for example, a retailer will need an address if it’s to send a product that’s been ordered.
The privacy policies we’re all now being told about will contain refreshed information about the deeper obligations companies now have around how personal information is stored and for how long, and about people’s rights in areas such as knowing what’s held about them, its accuracy, stopping it being processed, and having it erased.
However, where the collection and use of personal data is not so obvious, companies must ask for permission to use it first.
And this is what troubles all those digital companies that were profiting from selling personal information, for example by allowing advertising against it, without needing to care about whether you wanted to allow that or not.
Well, now they do.
When does a company need to ask permission?
End of confusing opt-ins
Finally, consent must be unambiguous.
No little tricks such as pre-ticked “I agree” boxes, or declaring that closing windows comprises consent, and so on.
It must be an affirmative action by the consumer that can be recorded and cannot be doubted.
The law has made ignoring these rules a very, very expensive risk for companies, and means your online life should be a little more safe and secure.
What is loveMONEY doing about GDPR?
Now that we’ve covered what’s changing, we wanted to be clear about what we have done about the new rules.
As you may know, we are part of love Inc. which also includes loveFOOD.com, lovePROPERTY.com and loveEXPLORING.com.
Any personal data that is held for any of these sites is centralised in a single Love Inc. database.
The only piece of personal data we retain is your email address, which we need to send out your newsletter subscriptions.
Each time we send a newsletter to a registered recipient, it technically counts as a data process.
This is the only time we ever process customer data.
However, there is additional data that allows us to track delivery and engagement information about readers.
This includes:
- Whether or not an email was successfully delivered to a specific address;
- Whether the recipient opened the email;
- Whether the recipient clicked on the email.
How to manage your data with loveMONEY
We only send newsletters to people who actively opt in/request to receive them from us.
We do not “pre-check” any opt-in boxes, at any stage.
If you are unhappy with the emails you are receiving from us, these can be easily changed in your email preferences.
We also include a link in every email that we send out that takes you directly to your subscription management page.
No other personal data is retained.
The same is true for users who have simply signed up for any of the love Inc. email newsletters or those who have fully signed up and selected a username in order to leave comments or post within the ‘Q&A’ sections.
Fully registered users are also able to log in and update settings.
What about companies we work with?
Love Inc. works with third-party advertising partners and allows third-party cookie access.
We do not pass information to third parties but they are enabled to use their own cookie data to present users with targeted offers, promotions and messages.
For full transparency, here are all the third parties we currently work with or are in the process of doing so: Doubleclick Ad Exchange, Rubicon Project, Google, Pulsepoint (ContextWeb), Conversant Media (Valueclick), Media.net, Applaud Media, Teads, inSkin, DistrictM and Outbrain.