New data protection law and what it means for you

May 2018 sees the General Data Protection Regulation (GDPR) come into force, which means companies and organisations have to be upfront with you about the data they hold on you and what they do with it.

Don’t worry! It’s nothing scary; in fact, it’s good news as it means your data is going to be better protected. We’ve broken down all the complicated jargon, to tell you all you need to know…

How was my data protected before the GDPR?

Up until now, the law around how our personal data is stored and used has been pretty vague. It was last updated in 1998, in what is known as the Data Protection Act. That was before the internet became widely used by everybody around the globe, radically changing the way we use, store and share our personal data.

What exactly is my ‘personal data’?

This is any information that could be used to identify you. It covers obvious things such as our names, addresses, emails, phone numbers and bank details, and also less obvious details like our ethnicity, political and religious views, details on our health and whether or not we’re a member of a trade union.

In terms of the new regulations, personal data also covers online identifiers, like IP addresses (an IP address is the unique numerical label attached to any device you use that connects to the internet), location data and mobile IDs.

Why does the GDPR matter?

It basically gives you more say over how your data is used. Currently, companies like Google and Facebook swap your data for use of their services. Often, we don’t even know where our data is being shared, hence we end up receiving random alerts, emails and mail from companies we’ve previously had no experience with. This can be unsettling for people and makes us suspicious of sharing our data online.

The GDPR aims to tighten up the law, and build more trust between people and the companies and organisations they deal with, by creating more transparency about how our data is being used and shared. Fines will be issued to companies and organisations that fail to comply.

What do I need to do?

Nothing directly. You’ll find that companies and organisations you already deal with – such as shops you buy from or charities you donate to – may be in touch to explain that they’re updating their privacy policies and to give you more details on how they use your data. 

The good news is that you’ll no longer be hoodwinked into signing up for email newsletters or direct mail by forgetting to untick a box hidden on a webpage giving you the option to opt-out. 

Can I ask a company/organisation to delete my data?

Yes. Under the GDPR, you have the right to ‘be forgotten’. This means you can contact a company/organisation and ask them to delete the data they store on you. 

You can also contact a company/organisation at any time and request to see what data they hold about you.

For more detailed information about the new data protection legislation, head to the Information Commissioner’s Office (ICO) guide to the GDPR.


Together Mutual Insurance – how we’re being GDPR compliant

Here, our Business Transformation Programme Manager, Amanda Padbury, explains what we’re doing to ensure our customer data is fully up to date:

“We have been working on getting ready for the GDPR since July 2017 and have a strong team of Champions from across all departments to make sure we meet the new regulations. As a company, we have followed the ICO’s guidelines and have fully engaged with our colleagues to ensure everyone in the organisation is aware of the changes.

“We have fully reviewed all the information we hold, reviewed our privacy notices, refreshed our consent and we have also developed robust processes to be able to cover all the new rights individuals have. We are all confident that our members will benefit from the extra protection that the GDPR brings.”