From 25 May 2018, how companies use your personal data will change. That’s because that’s when GDPR enforcement starts.

GDPR is the General Data Protection Regulation and it’s replacing the Data Protections Act (1998). It’s a regulation to strengthen your data protection – so you have more rights about how companies use your data.

But what does this mean for you? We’ll take you through the changes under GDPR and your rights.

GDPR and your rights

Companies will have to meet GDPR’s rules by 25 May 2018. And for some companies, this will mean a lot of changes.

With most of these changes, you won’t see any difference to how other companies use your data – a lot of the work is behind the scenes.

But there are some changes you should understand, and they all give you more rights about what companies can do with your data. Here are the key changes you need to know about.

  • You’ll have the ‘right to be forgotten’. This means in certain circumstances you can ask a company to delete your data if it doesn’t need it anymore.
  • If you want to see all the data any company holds on you, you can now request this for free. And companies will have one month to get this to you.
  • Children are more protected under GDPR. If your child is under 13, they can’t consent to online services – this must come from you.
  • Speaking of consent, companies will need to make sure they have permission to contact you. This means you’ll have to opt in more when you sign up for online services. And this means only companies you’re interested in can contact you.

What is GDPR?

GDPR is a regulation that affects everyone within the European Union. It doesn’t matter that the UK is due to leave the EU – it will still apply to us. It’s all about how companies use your personal data.

You might think of data as lists of complicated numbers – something you don’t need to know anything about. But your personal data is any information that identifies you – for example, your name, your email address or your phone number.

With GDPR, you have more control over how companies use your personal data. One reason for GDPR is because the current Data Protections Act doesn’t protect your online data enough. That’s because when it was written in 1998, we didn’t have social media and the internet was still new.

As technology has now moved on so much, we need new data protection law so your data stays safe.

If you want to read more about GDPR, head to the Information Commissioner’s Office (ICO) website.