Many or even most people will have had a Facebook profile for more than a decade, and we’ll have been searching the internet through Google for even longer. What that’s given those companies is an incredible amount of information and data on each and every one of us; today new laws have been passed that give us all more power over whether we can ask them to have that information erased.
So what does this new “right to be forgotten” legislation allow us to do?
The bill, which was announced in the Queen’s Speech and will be introduced in Parliament when MPs and peers return from the summer break in September will:
- Allow us to ask for our personal data held by companies such as Facebook and Google to be erased. This could include historical posts from our childhood, or that we no longer wish to be displayed on the internet.
- Enable parents to give consent for their child’s data to be used.
- Expand the definition of personal data to include internet cookies and IP addresses; the inclusion of cookies is particularly important as these are used by both Google and Facebook in order to provide you with targeted advertising based on your previous search history and the sites you visit when online.
- Make it easier and free for people to ask for details of the data companies hold on them.
- Create new criminal offences to deter companies from creating situations where someone can be identified from anonymised data. This is also a large area online as many of us will be providing data feedback by navigating websites and interacting with them; these new laws ensure nobody should know it was you that provided the data.
- The information watchdog has been given extra powers to issue huge fines to companies who fail to comply with the new privacy laws; maximum fines for contraventions will increase from £500,000 to £17m, or 4% of a firm’s global turnover.
What does this mean for small businesses and what do you need to do?
So what will happen once you, as a small business holder, receive your first ‘right to be forgotten’ (RTBF) request?
You’ll be given 30 days to find and delete all records of that individual’s information; that could be in your email marketing system, your customer relationship management (CRM) system, or any other computer and booking systems you run.
There is nothing to worry about should you receive a request, as long as you complete necessary preparation beforehand, and follow the correct process.
The most important step you should take is to understand the new Data Protection Bill’s requirements and how these relate to any existing regulation you comply with. You should also be thinking about where the information you hold on people is stored, and if it is currently organised in an efficient manner. If it isn’t, now could be an opportune time to get your data house in order; to review the data you hold, whether that’s on prospects, customers and clients or even suppliers, and ensure that there are firm controls over it.
Remember, you have just under a year to ensure you comply with the new regulations so make sure you begin the process as soon as possible. By focusing on the right areas and with the right processes and technology, your business can be fully equipped to comply.
Would you like some further information? Get in touch on 01566 232323 or email email@example.com