Don't Panic -- GDPR Rights Are Nearly Identical To Today's

Another weekend of catching up with the marketing headlines, and checking out reactions in the comments under articles and the posts in which they are circulated, has gone by. More panic as GDPR approaches and more predictions of Armageddon come May 25th.

I'm always tickled by the conclusion of the reports that cite lack of awareness. For example, the government reckons only half of the country's companies have heard of GDPR -- so if you follow that through, by the time Bank Holiday Monday arrives at the end of May, half of the country's businesses will be line for a fine of 4% of global revenue or €20m. Can't really see it happening, can you?

Are companies sleepwalking into an abyss of fines and losing their brand image? Or do marketers sometimes over-egg their proverbial pudding? I mean, if you're compliant with the Data Protection Act, you're pretty covered for the GDPR when it comes to individual rights, aren't you?

That has been my "don't panic" mantra for a while, so I thought I'd check out the ICO's lists for citizens' rights under the Data Protection Act and GDPR. 

Here goes. 

List A.

  • a right of access to a copy of the information comprised in their personal data;
  • a right to object to processing that is likely to cause or is causing damage or distress;
  • a right to prevent processing for direct marketing;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to claim compensation for damages caused by a breach of the Act.

List B

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

Can you guess which one is which? OK -- so the biggest difference I have spotted is a move from bulleted points to numbers. But if you want to know which is which, A is DPA and B is GDPR.

So data portability is a completely new right? I'll concede that point. The right of erasure looks new, but was there all along with the caveat of "in certain circumstances."

Everything else is just a different way of saying the same thing. OK, it might be more direct under GDPR and a few less "in certain circumstances," but take a look at the lists and tell me what has truly changed, other than data portability.

This is why it's so important to go to the original source. Yes -- individual rights have probably been slightly strengthened, but these rights were there all along. 

I'm not saying there isn't a compliance challenge with GDPR, but what I am most definitely saying is that it's not the end of the world, as some commentators would have you think.

Take a look at those lists and ask yourself if the new regime is really all that different from the old.

Next story loading loading..