You are probably reading this article on your smart phone, which has a digital footprint of all the people and entities in your life who you have interacted with online.

Whether you are aware of it or not, your personal data is being shared online for the world to consume.  This means that your location and preferences are well known.

How then does a consumer monitor their digital footprint when they seek only to exist in a physically accessible world?

Since the inception of the GDPR[1], in certain circumstances, EU consumers can now request that they have their personal data erased.  This is known as the right to be forgotten.[2]  This means that companies that house records of personal data must have procedures in place that allow the consumer to completely wipe out their data.

The GDPR has also enhanced consumers rights to request that companies withdraw, transfer or provide the data they hold to another ISP or bank.[3]  This is the principle of data portability which allows individuals to obtain and reuse their personal data for their own purposes, across different services, without affecting its usability.  This must be done in a format that is easily understandable.

Under the GDPR, consumers now have the ability to request any company that stores their personal data to provide them with access to it.  The GDPR also enables consumers to update or improve their data, which allows for improved accuracy of the information held in that company’s records.

The GDPR also provides consumers with the ability to control what they receive in their spam boxes.  This is done by making it necessary for companies to seek marketing consent.

The GDPR has improved consumer protection in an increasingly digitised world.  Consumers now have a choice to request the removal of their existence from internet history, to ask to access their personal data, to ask to update data, to obtain and reuse data and make it more accurate.

Companies that store personal data must be aware of GDPR consumer rights, and must have procedures in place that enhance the consumers rights under GDPR.  If they don’t they may realise too late that they have made an expensive mistake.  This is since, failure to comply may lead to the company being fined up to 4% of their global turnover.   They may also be sanctioned, and may receive an injunction to cease all commercial activities dealing with personal data, depending on the gravity of the violation.

 

[1] The General Data Protection Regulation, termed GDPR , is a major new European privacy law that came into effect on 25 May 2018.
[2] Article 17 of the GDPR
[3] Article 20 of the GDPR
[4] Article 15 of GDPR