Better Protection for your Personal Information
The General Data Protection Regulation is fundamentally about protecting individuals’ personal information in relation to the way that it is used by businesses. The concept of Data Protection is founded in protecting our human right to a private life.
The introduction of the new European GDPR in late May 2018 and Jersey Laws will drastically change the way businesses can collect, store and protect the personal information of their customers, clients, and even visitors to a website. It should be noted that whilst aspects of the GDPR and the new Jersey Laws are new, many of the requirements build upon the existing Data Protection legislative framework.
This means GDPR will cover all of our personal information
collected and used by businesses.
GDPR defines personal information as anything that can be used to directly or indirectly identify the person. Names, photos, email addresses, bank details, posts on social networking websites, medical information or IP addresses. Our personal information is a currency which should be respected and only used how we expect it to be used.
Before you give YOUR information look for the ‘PRIVACY NOTICE’ – businesses must be able to tell you about why and how they intend to use your information. In some circumstances, you will be expected to ‘CONSENT’ to the use of your information. In terms of consent, consent is one of a number of lawful bases for processing and it may be that organisations do not always need consent to process consumer’s data. In cases where they rely on consent, then that consent will need to be a positive, affirmative and unambiguous action confirming consent on the part of the consumer; for example, you will be required to opt into subscriptions rather than businesses relying on people to opt out.
The law gives all of us INDIVIDUAL RIGHTS in relation to our personal information. In simple terms the rights you can exercise are;
- To access the information a business holds on you;
- To get your information corrected
- To ask for the erasure of personal information;
- To stop direct marketing;
- Control over automated decision making & profiling;
- A right to information portability between controllers.
Businesses failing to look after our personal information according to the law face a tougher ENFORCEMENT approach by the Jersey Office of the Information Commissioner (OIC).
For more information contact the OIC, or visit their website at www.oicjersey.org.
Telephone: +44 (0)1534 716530