So what is it? The GDPR (General Data Protection Regulations) are from the EU.
Oh so that means they won’t apply next year doesn’t it? Well actually they’ve essentially been made UK Law in the Data Protection Act 2018. They’re here to stay along with a bit of our UK interpretation & specifics.
The legislation sets out that companies, organisations and anyone processing personal data must protect it and collect it in an open and ethical way. We at Voice are run by a UK Charity called Upstart Projects, and we’re no different. That said, the changes to the rules don’t affect us as much as some organisations, for a few reasons:
We have never bought data about other people and so only have information we have directly collected in a legitimate way
Most of the data we hold about individuals is very limited and is available to you to edit anytime in your user profile - we don’t hold it on massive databases in a corporate network
We are a small organisation with robust processes already - you won’t have to go through rounds of customer service contact centres to find your data or change it!
So whilst there’s plenty of legal jargon and innumerable explanations about GDPR available (here’s one video from the BBC, and another source, a third, even a fourth - by the Scouts in Scotland), I’m going to summarise the key points.
It says that everyone has the right to know what information data controllers (the companies & organisations who hold your data) have about you, how they use it, and how you can get it changed. Information varies and for some companies it is not only your contact details, but your browsing habits online or purchase history. Does a company record what you’ve bought before and then email you about a new offer they have 6 months later? Did they get permission from you first?
There’s another question. Did you know you were giving permission? It has to be clear - not tucked away in some tiny terms & conditions somewhere.
Myth 1: I didn’t give permission, so they can’t do that!
Myth 2: I have to contact everyone I don’t ever want to hear from again.
No you don’t. And actually you never really have. It’s been a responsibility for organisations to only keep accurate and relevant data for as long as needed. So you’re pretty safe. Of course many organisations have sent out emails asking you to resubscribe. They may not have needed to. But if they did and you didn’t resubscribe - then you should by now be safely off their list.
Myth 3: I’m under 16 and so not allowed to use internet websites.
As long as you have the permission of your parent or legal guardian to share your data then actually it’s ok. They should have read and understood the privacy notice, terms and any other details from the data controller first of course.
Do you have a question or myth that you want answered here? Just ask it in the comments below or email firstname.lastname@example.org and we’ll dig out the answer!
The new rules have clarified your rights as a data subject (that’s the person the data is about). You can find out more in most privacy policies, including ours. The rights are:
The right to request a copy of the personal data which we hold about you
The right to request that we correct any personal data if it is found to be inaccurate or out of date
The right to request that your personal data is erased where it is no longer necessary to retain such data
The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller (known as ‘the right to data portability’), where applicable (i.e. where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means)
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing
The right to object to our processing of personal data, where applicable (i.e. where processing is based on our legitimate interests or in performance of a task in the public interest/exercise of official authority; direct marketing or processing for the purposes of scientific/historical research and statistics).
So what have we at Voice done?
We also made some changes to Voice to help give you even more power. These included:
Allowing you to select whether or not to receive comment notification emails on posts you submit - on a per post basis.
Allowing you to select whether or not to receive comment notification emails on posts you have commented on - on a per post basis.
Allowing you to select whether or not to receive our enewsletters when you register or edit your profile (previously you agreed on registration but then had to click an unsubscribe link from the email itself)
And now if you click an unsubscribe link in an email (sent by Mailchimp) our mailing list not only updates, but so does your user profile on our website - meaning our data is consistent wherever we look!
Allowing you to choose whether or not to be reminded to post content or receive congratulatory emails from us
Enabling you to completely delete your account with us in a couple of clicks in addition to being able to edit/amend all your data - meaning you don’t need to email us about the deletion
Now we ask you to confirm parent or guardian consent on registration if you’re under 16 (previously it was 13)
We’re also looking at any users who haven’t logged in for a while and deleting their account, and looking at anyone who hasn’t opened monthly emails in a while and removing them from our mailing list. They opted to join either, but may have forgotten about us anyway, so we’re having a little cleanse.