Data Protection, simply put, is about putting you in control of your personal information. It is a fundamental right under European Law, safeguarding your privacy and your personal data.
When you hear the words data protection and online privacy you may think about social media and your privacy settings; controlling who sees your posts and what they see, including potential employers. However, to protect yourself is not as straight forward as you may think.
As society moves more into the digital sphere, personal data is being used in new ways and on a much bigger scale. Personal data is any information, online or offline, which identifies you: your name; bank account details; phone number; health information; and employment records are just some examples of personal data protected under Data Protection law.
Data Protection law gives rights to individuals, and places certain responsibilities on the organisations that collect and use personal data. Those using it must respect your data protection rights, only use your data for the purposes for which they collected it in the first place, keep it safe and secure and delete it once there is no longer a legitimate or legal reason for keeping it.
What laws are in place to protect you?
The General Data Protection Regulation (GDPR), will replace existing data protection laws across the EU, come May 2018. The GDPR is a far-reaching, once-in-a-generation reform of Data Protection laws. It reinforces and adds to existing Data Protection rights, and higher standards for organisation and businesses that collect personal data and introduces tough new penalties for those that fail to keep your data safe and comply with the law.
Some of your rights under the GDPR are as follows:
· The right to be informed: organisations collecting or using your personal data must provide privacy notices, in plain English, setting out how your data will be used.
· The right of access: organisations must provide you with a copy of your data within 30 days of request, and in most cases, free of charge.
· The right to rectification: you can have inaccurate or incomplete information rectified.
· The right to erasure: you can request that personal data, which is out of date or no longer relevant, be deleted.
· The right to restrict processing: under certain circumstances, you can instruct organisations to cease processing your data. This does not necessarily require the organisation to delete the data, and the organisation should retain just enough data to respect the restriction.
· The right to data portability: organisations must provide data in a reusable format, giving the flexibility to transfer your data from one organisation to another.
· The right to object: you can object to the use of your data for the purposes of legitimate interests, direct marketing, research and statistics.
· The right not to be subject to automated decision making, including profiling: the GDPR includes safeguards to protect you from potentially harmful decisions being made without human intervention.
Keeping yourself safe online
While Data Protection provides a legal framework for keeping you in control of your data, there are a number of issues to be conscious of.
Organisations collecting and using your data are obliged to provide privacy notices. You should be aware of these notices and understand how your data is being used, and whether or not it is being shared with third parties. The GDPR will require organisations to communicate this information in a much more accessible and clear manner than it currently is.
Organisations that collect your email address can only send you marketing emails with your consent. Marketing emails must give you an option to unsubscribe. With the GDPR, this must be as accessible as it was to subscribe in the first place.
Using open Wi-Fi or free Wi-Fi, although it can be an excellent facility, can be less secure than home internet or 3G. Being vigilant about accessing/uploading personal data across unsecure connections is important. It is not recommended to use open Wi-Fi for personal data, such as financial data or sensitive personal data, such as health data or when accessing any online social accounts.
Help is at hand
In Ireland, the Data Protection Commissioner is responsible for upholding your Data Protection rights. You can visit our websites www.dataprotection.ie or www.GDPRandYou.ie for more information. If you have a question about your personal data rights, or if you believe that you have grounds to make a complaint about how your personal information has been used, you can contact us on 0761104800 or email firstname.lastname@example.org.