Walter McCahon, Manager, Data Policy, UK Finance
As 25 May 2018 slowly approached, I had been wondering whether the General Data Protection Regulation (GDPR) would attract public attention or whether it would just pass by quietly.
It has been interesting to see that the public has indeed noticed, with the recent Financial Times article highlighting that GDPR has led to a substantial increase in firms receiving data protection requests from consumers. This increase also no doubt got a boost from the Cambridge Analytica scandal, which drew attention to issues of online privacy and data sharing.
It takes time for people to get an understanding of how new laws work and there are quite a few misconceptions floating around on social media. Those people interested in a simple explanation of how GDPR rights really work should take a look at the handy information from the ICO under its Your Data Matters campaign. For those interested in how GDPR affects financial services specifically, the UK Finance FAQs might also be a helpful reference.
Beyond the general public, we can also see an increased interest in data and privacy issues in government and among regulators. Recent months have seen the publication of a range of consultations of different types, including by departments not traditionally involved in privacy or data protection. For example:
- The Payment Systems Regulator published a discussion paper on data in the payments industry, including analysis and queries about interactions with data protection law.
- The Department for Business, Energy and Industrial Strategy published a green paper on modernising consumer markets, which included several sections discussing how best to enable consumers to make use of their personal data held by businesses.
- The brand-new Centre for Data Ethics and Innovation issued a consultation paper on their future role and priorities.
Which? has also taken an interest, publishing their Control, Alt or Delete? report about consumer data, touching on issues of transparency, customer control, advertising and data flows.
The upsurge in data protection requests to businesses might just be a spike for now. Still, with the growth of AI, algorithms, etc, it should be a safe bet that the longer-term trend is for interest to grow rather than shrink.