GDPR – General Data Protection Regulation
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation governing data privacy, which places new requirements on individuals and businesses offering services both within and into the EU. The aim of the GDPR is to harmonize the existing patchwork of data privacy laws currently in place across most of Europe, including the 28 member countries of the EU and the 3 additional member countries of the European Economic Area (EEA).
The GDPR went into effect on May 25, 2018, and gives individuals in the EU more transparency, rights, and control around the way their personal information is used. It also provides rights for data deletion, access, and portability.
What does GDPR mean for me?
The GDPR gives individuals 8 key rights regarding data:
- The right to be informed, about what data is being captured, and what it is used for.
- The right of access, to the data a company holds on you. The company must provide this within 30 days of the request.
- The right to rectification. If the data held is incorrect or incomplete, an individual can request rectification (verbally or in writing). Again, a company has 30 days to respond to this.
- The right to erasure. Also known as the right to be forgotten. A right for individuals to have their personal data erased – within 30 days.
- The right to restrict processing. Individuals can request restriction or suppression – which means that companies are permitted to store personal data, but not use it.
- The right to data portability. This allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object. Individuals have the right to object to direct marketing (including profiling) and other forms of data processing (more info here).
- Rights related to automated decision making including profiling. Individuals have the right to object to automated decision-making, including profiling.
These are the rights the GDPR brings to individuals or you as a user or customer of websites and businesses.
What does it mean for businesses?
There are a number of steps that businesses have to take in preparation for GDPR as outlined by the ICO (the Information Commissioner’s Office). A Matter Of Style has followed and completed all of these steps.
- Awareness. Making key decision makers aware of GDPR and the change in law.
- Information they hold. Document the data that a company holds, where it came from, what it is used for etc.
- Privacy information. Businesses must review their current privacy information and communicate it with those affected.
- Individual rights. The 8 key rights as listed above – make sure there are procedures and processes in place to respond to any of the requests individuals have the right to make (for example, deleting personal data).
- Consent. Review how the business seeks, records, and manages consent. Refresh any existing consents if they don’t meet the new standard.
- Data breach. Have procedures in place to detect, report and investigate a personal data breach.
- Children. Obtain parental or guardian consent for any data processing activity regarding children.
- Data Protection Officers. Designate someone to take responsibility for data protection. Some businesses may be required to formally designate.
What has A Matter Of Style done?
More transparency around how personal information is used
- We’ve updated privacy features, giving more control over how personal information is used for marketing, advertising, and tracking on A Matter Of Style.
- Since the GDPR requires material changes to A Matter Of Style’s policies, it is important to notify our members about these updates. We aim to limit the number of these all-member emails sent. This is a non-marketing message, but you can unsubscribe from marketing emails, promotions, or mailing lists using the unsubscribe link in each message
We welcome the GDPR and the changes it brings. Keeping your data secure and operating in a safe, secure, and transparent way is important to us – we ask our staff to treat all data as if it is their own. If you have any questions about our compliance with the GDPR or data security and privacy in general then get in touch with us via the contact us page or email.
Disclaimer: A Matter Of Style published this guide based on information we have gathered about GDPR to help our customers understand the steps we have taken but it is in no way legal advice. For full information and help regarding the new regulations, please visit the EU General Data Protection Regulation (GDPR) website here.
Contact us at firstname.lastname@example.org for questions related to our GDPR terms.