We'd like to remind Forumites to please avoid political debate on the Forum. This is to keep it a safe and useful space for MoneySaving discussions. Threads that are - or become - political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
GDPR - Ugh?
Legacy_user
Posts: 0 Newbie
GDPR (General Data Protection Regulations) is not something that I have heard much about but it seems that it is going to place a significant burden on, inter alia, energy suppliers - particularly, when smart meters are fully rolled out. These new data protection regulations come into effect on the 25th May. The four big changes are:
a. Breaches. Suppliers have a duty to report a data breach within 72 hours.
b. Right to Access. Consumers will have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. This is to be made available FOC in an electronic format.
c. Right to be Forgotten. Consumers will have the right to ask for all their data to be erased; the right for their data not to be passed on to third parties etc.
d. Data Portability. The consumer will have the right to receive all data concerning them - which they have previously provided - in a commonly usable machine readable format with the right to transmit that data to another data controller.
e. Privacy by Design. This will now become a legal requirement; ie, only holding data absolutely necessary for the completion of its duties.
The industry view, as far as I can tell, is that compliance will increase supplier costs; for example, the Data Controller cannot be a part-time customer services agent. That said, it is thought that many small suppliers will struggle, and some will fail because of the additional administrative burden or following a 4% of turnover/Euro20M potential fine for any major breach.
Although this is an EU Initiative, the UK Government has said that it will be enshrined in UK Law.
FWiW, I only got interested in this subject when I read a blog written by a technical expert when he posed the question about how smart TV manufacturers are going to protect personal data when people sign up to smart services on their TV. For example, if the TV manufacturer is using viewing data to suggest future TV viewing, how does it know who is actually using the smart TV's features? It may not be the person that signed up to the use of his/her personal data. An extreme example: the point being made is that GDPR is a bit like an iceberg. There is more to it than can be seen on the surface.
a. Breaches. Suppliers have a duty to report a data breach within 72 hours.
b. Right to Access. Consumers will have the right to obtain confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. This is to be made available FOC in an electronic format.
c. Right to be Forgotten. Consumers will have the right to ask for all their data to be erased; the right for their data not to be passed on to third parties etc.
d. Data Portability. The consumer will have the right to receive all data concerning them - which they have previously provided - in a commonly usable machine readable format with the right to transmit that data to another data controller.
e. Privacy by Design. This will now become a legal requirement; ie, only holding data absolutely necessary for the completion of its duties.
The industry view, as far as I can tell, is that compliance will increase supplier costs; for example, the Data Controller cannot be a part-time customer services agent. That said, it is thought that many small suppliers will struggle, and some will fail because of the additional administrative burden or following a 4% of turnover/Euro20M potential fine for any major breach.
Although this is an EU Initiative, the UK Government has said that it will be enshrined in UK Law.
FWiW, I only got interested in this subject when I read a blog written by a technical expert when he posed the question about how smart TV manufacturers are going to protect personal data when people sign up to smart services on their TV. For example, if the TV manufacturer is using viewing data to suggest future TV viewing, how does it know who is actually using the smart TV's features? It may not be the person that signed up to the use of his/her personal data. An extreme example: the point being made is that GDPR is a bit like an iceberg. There is more to it than can be seen on the surface.
0
This discussion has been closed.
Categories
- All Categories
- 347.2K Banking & Borrowing
- 251.6K Reduce Debt & Boost Income
- 451.8K Spending & Discounts
- 239.5K Work, Benefits & Business
- 615.4K Mortgages, Homes & Bills
- 175.1K Life & Family
- 252.8K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 15.1K Coronavirus Support Boards