Why you need to know about GDPR

The privacy of your data is of the highest importance to us here at UKPower, click here to let us know how we can keep in touch with you.

None of us really know how, when or why our data is used. The assumption has always been that businesses, web services, and app makers all work on the basis of informed consent – in other words, they can do whatever they want to with our data, or interact with us in any way they see fit so long as (and this is the important bit) they disclose those practices and conditions first.

There's no price cap on business energy. Compare deals to find cheaper prices than your supplier's out of contract rates.

image of woman with laptop sat in front of computer servers

If you click a box agreeing to these terms and conditions, or continue to use a service after being informed of its privacy policy, the law is satisfied that you have been sufficiently informed about such policies and agree to them.

So, if these terms and conditions state a company you’ve dealt with can pass your data on to third parties, and you tick a box to say you’re happy with this, you’ve essentially signed up for your data to be passed on to any third party this company sees fit or, if it’s a particularly unscrupulous outfit, the highest bidder.

But new EU legislation, known as GDPR, is being introduced to update data protection laws for the digital age.

What is GDPR?

GDPR or General Data Protection Regulation is new EU legislation that will change how businesses and public sector organisations can use and handle customer information.

The new rules will apply to all EU member states and take effect from May 25, 2018. GDPR will bring uniformity to compliance across the EU and give individuals greater control over what organisations do with their data.

The rules will apply to the UK, even following Brexit, when it will be converted into full UK law.

Why is GDPR important?

None of us know exactly how our data is being gathered or used, and it appears a growing number of companies have been swapping access to personal data gathered online – the idea of informed consent came into serious question during, Facebook CEO, Mark Zuckerberg's hearings in front of the US Congress this month.

It seems, unsurprisingly, that consumer confidence is low when it comes to data protection, as two recent studies have highlighted:

  • A study from GSMA found 90% of smartphone users are concerned that mobile apps collect their data without their consent, and want to know when smartphone data is being shared with third parties.
  • A 2015 Eurobarometer survey of 27,980 people from across 28 EU member states found that: 81% feel they don’t have complete control over their personal data, while 89% believe they should have the same rights and protections over their personal information regardless of the country in which the organization offering the service is headquartered. 69% think that collecting their data should require their explicit approval.

How is GDPR important to you?

There are a number of ways GDPR will affect business and consumers, but here are the main reasons why it is important to you.

1. Increased data protection and security

Cybercrime is on the rise, and GDPR rules will try and tackle this growing, global problem by requiring that stronger safeguards are put in place to protect personal data against loss, theft, and unauthorised access, primarily through ‘pseudonymisation’ – a method to substitute identifiable data with a reversible, consistent value, disguising any connection to you – and encryption.

If and when a data breach occurs, companies will now have 72 hours in which to report it to the relevant supervisory authority, as well as any individuals put at risk. In the past, companies have reportedly waited months, or even years, to report data breaches.

2. More explicit consent to process and share data

Once GDPR takes effect on May 25, companies will no longer be able to use long and meandering terms and conditions. They will instead have to provide clearly-worded explanations and need your explicit consent to use your data.

Although consent will still be given via a check box to say you agree, you’ll be able to make an informed decision without having to read through reams of legalese and jargon. Companies should also give you a number of contact options, so you can decide whether they can contact you via, phone, SMS, email, or post.

3. The right to be forgotten

GDPR rules will enable you to withdraw consent and have all your personal data removed from any company’s database, in the following circumstances:

  • If the data was unlawfully gathered.
  • If there’s no legitimate reason for that company to continue processing data.
  • If the data is no longer being used for the reason it was originally gathered.

And if you find any of your personal data is incorrect, inaccurate or incomplete, you have the right to get it corrected, by both the company that gathered your data and any third party companies it subsequently shared this data with.

For more on GDPR, check out eugdpr.org.

The privacy of your data is of the highest importance to us here at UKPower, click here to let us know how we can keep in touch with you.

Click here to run an energy price comparison, and see if you could be paying less for your gas and electricity.

Les Roberts - Energy Expert at UKPower

Les Roberts - Energy Expert at UKPower

If you’ve got an issue with your energy supplier, our consumer champion Les is on hand to help. A decade in consumer affairs means Les understands how confusing energy tariffs can be, so he'll cut through the jargon to help make sure you get the best deal.