The GDPR – which came into place in May 2018 – introduces dramatic rule changes for companies regarding the way they collect and store data, whilst offering individuals greater control over their personal data.
User rights are another important aspect impacted by the General Data Protection Regulation (GDPR).
Notably, the legislation significantly alters how users can request access to data. Whereas companies were not previously obliged to show exactly what data they had collected about a particular person, individuals now have the right to submit a subject access request requiring a company to turn over any data it has collected on them. The GDPR also eliminates the cost of subject access requests, which was previously set at a maximum of £10.
This legislative shift puts customers in the driving seat, something which holds a range of implications for companies with large banks of customer data. Today, companies need to be more transparent with the data they collect and they need to obtain explicit consent from the people they collect information from, or face big fines. GDPR obliges companies to confirm where data is being held, if they have deleted data, and what they will do with it. Previously it was often held in unsecured places and companies presumed that it was fine to simply take data.
Additionally, the GDPR requires companies to correct or erase a customer’s personal data upon request. Individuals can also stop an organisation from processing their data after a certain amount of time, or for certain situations. Furthermore, businesses must comply if an individual files a complaint about the way their data is being used, or if they object to having their personal data processed for any other purpose than those originally stated at the time of consent.
Under the GDPR, companies also have less time to respond to user requests – one month instead of 40 calendar days. Failure to do so could result in a hefty fine of up to 4% of annual global revenue, or €20 million, depending on which figure is higher.
Following these legislative changes, businesses need to adjust in order to ensure they can quickly and efficiently respond to an increasing number of data subjects requests. This may sound like a time consuming and costly task, but it doesn’t have to be.
We address companies that want to ensure compliance to new regulations by providing a simple and powerful platform to process large amounts of data access requests from their customers. The intuitive tool allows companies to collect all user requests from across the globe and store them in one place, from which point they can manage them and respond to them in a swift and organised manner.
The rules of the game have changed. Today, setting up a robust system for managing user requests is not only crucial for avoiding financial penalties under the GDPR, it will also make sure that a business is seen as a transparent and trustworthy organisation.