Skip to main content

What GDPR Is and How It Affects Britons

Shuvam is a financial writer and has avid knowledge of the unsecured lending industry of the United Kingdom.

What Should Users Expect?

Online users can look forward to having more control over their personal data with the implementation of this regulation.


If you thought that Europe’s General Data Protection Regulation (GDPR) is a law created to fill your inbox with spam warnings from every company you have ever interacted with online, with subject lines that read: ‘The privacy policy has changed’ and requests to ‘Just click here so we can stay in touch’. Well then, you’d be forgiven.

A closer look will reveal that GDPR is far more than just a mailbox-clogger. The regulation, seven years in the making, finally came into effect on 25 May 2018 and is set to bring out significant changes in everything from technology to advertising and medicine to banking. We will look at how these changes are going to influence the lives of Britons.

How Does GDPR Work?

The purpose of GDPR is to make it possible for consumers to control how companies use their personal details. This means that a company does not have the right to gather or make use of personal data without consent from the individual. Names, email addresses and phone numbers are all considered personal data, as well as online browsing behaviour which a website collects using cookies.

GDPR aims to affect big tech guys such as Facebook and Google, but companies of all sectors will see its effects. A case in point being the recent government’s investigation into Cambridge Analytica’s interference in state elections involving electoral mandates. The investigation led to many top executives in the company being relieved of their jobs.

After 25th May 2018, companies who misuse personal data can receive a fine of up to £17 million from the Information Commissioner’s Office (ICO), or 4% of that company’s global annual turnover, whichever amount is higher.

But What About Brexit?

The GDPR applies to all companies that offer service within the EU, even if it has headquarters elsewhere. According to the government, the General Data Protection Regulation will still apply once the UK leaves the EU.

The UK Data Protection Bill is soon going to include GDPR standards and is currently being processed in parliament. Ministers expect the GDPR enforcement to help companies to prepare for Brexit, as the law in Britain will be in line with the rest of the EU. If the rules were different, it would make trading between European countries harder.

Scroll to Continue

Read More From Toughnickel


What Does It Mean for Businesses?

Huge amounts of paperwork. Business groups say companies will have to spend £1.2m each, on average, to meet the complex new requirements.

A report by the Sun showed that many businesses do not currently track their data processing in a way that complies with the new rules. In the event that they have sought consent from customers to collect data, the records are often out of date, or the consents do not meet the GDPR standards.

What is clear that not many businesses have been successfully compliant since 25 May. Multinational companies have been seen scrambling since the announcement and introduction of the legislature. Nonetheless, for companies that demonstrate intent, with significant signs of appropriate planning, there will be considerable leeway until a future deadline is established.

The implementation of this regulation also had an impact on the financial services sector of the UK. The Financial Conduct Authority (FCA) and the ICO held round table discussions to sort out the concerns of the financial industry.

How Will GDPR Affect Online Users?

There are a host of new requirements rolled into the GDPR. Users also have the “right to be forgotten,” allowing them to demand that companies remove certain personal information from the internet, and the right to opt out of sensitive data collection. Some cases where the “right to be forgotten” applies are:

  • Information that isn’t relevant anymore.
  • If an individual no longer consents to the use of their personal data.
  • An individual who does not allow firms to use their data for marketing.
  • In a case where a firm processed the data improperly.
  • If legally the data needs to be removed.
  • Data of a child that was exchanged for “information society services”.
  • If your claim is legitimate, the firm must remove your data, unless it goes against their legal obligations or other rights that allow them to use this information.

Final Thoughts

Research carried out by the government showed that not many firms were aware of the General Data Protection Regulation. At the beginning of 2018, only 38% of businesses and 44% of charities had heard of the GDPR. These figures indicate that enforcement of the law is very much necessary.

On the other hand, online users can look forward to having more control over their personal data. In the last month, tens of thousands have already taken advantage of this opportunity to protect their privacy.

This article is accurate and true to the best of the author’s knowledge. Content is for informational or entertainment purposes only and does not substitute for personal counsel or professional advice in business, financial, legal, or technical matters.

© 2019 Shuvam Samal

Related Articles