An Idiot’s Guide to GDPR

By Loot | Friday 25th May, 2018

Your inbox is probably swarming with companies pushing for you to ‘opt-in’ to them sending you emails or for you to confirm you still want them to contact you digitally at all. And as annoying as this is, it’s all down to a new regulation that has been introduced to give you more privacy with your personal data.

This year, on the 25th May, GDPR (General Data Protection Regulation) comes into effect and will change how companies collect and use your personal information. This is good news for your spam folder, but challenging news for companies who will no longer be able to offer you personalised marketing campaigns without your permission.

Argh but what does that even mean?

Okay well say a clothes company knows that you have taken an interest in their running trainers whilst online shopping, before now, they could send you an email that persuaded you to buy running shoes with loads of targeted information about how their shoes help you run a marathon and shit like that.

Now, unless you give them permission, companies either cannot email you at all or they can only send you non-specific marketing emails. So in this case, an email that simply promoted this season’s clothes, not specifically their running shoe collection. Get it?

No? Okay, say you signed up to a newsletter ages ago and all of a sudden you’re getting emails from the pizza place down the road and some company selling dieting pills. Well now it’s illegal for people to share your data in this way without your consent (so theoretically you’ll get less spam).

This might seem really pointless, but every piece of data on you that floats around the internet paints a picture of who you are. And this information can essentially be used to sell to you, or if breached, to commit crime. Which is why, even if you just view this as some nonsense about how companies contact you, it’s important to see that its impact is much bigger.


Sorry did you just say crime?

Erm yeah… There have been several large cases in the past in which a customer’s personal data has been leaked or misused resulting in impactful consequences for the victims. The most recent was, of course, the Cambridge Analytica case which brought Facebook’s security measures into question. Other perhaps lesser known (or better covered up) breaches come from trusted brands like Ebay, Yahoo and Uber.

These breaches mean that a person is able to access and steal parts of someone else's personal information such as their name and date of birth, or their address and password which paints a picture of someone’s identity. Criminals then use this data to commit crimes ranging from money laundering to identity fraud.

So what are your rights?

From 25th May, you have the choice to opt-in to company marketing material and if your wishes are not respected, you are within your rights to take action. You can also now ask a company to show you every piece of information or piece of data they have on you (usually for a fee) and you have a right to be forgotten (i.e all information on you is wiped- by law however, some companies must keep certain information about you).

So although GDPR is quite possibly the driest acronym around, it’s presence is going to change the face of communication and privacy so it’s important that you actively decide to opt in and opt out when companies and brands prompt you to. For more information, check out the ICO here.