Have you heard of subject access requests? Sounds a bit technical but it really isn’t. It’s just the process whereby a customer or employee of an organisation can request access to all the personal data that the company has on them.
Not only that, but the data has to be organised into a common-read, easily transferable document. This right for people in the European Union has been around a long time – specifically since the EU Data Protection Directive was passed in 1995. However, the upcoming GDPR really strengthens various aspects of that previous law and introduces new, more aggressive controls and rights.
For instance, with regards to subject access requests, the time limit that a company has to respond to your request has been reduced from 40 days to 30 days. Moreover, they can no longer charge for any request that you send them. Most importantly though, the entire culture of privacy is changing, and fast. No longer can organisations act as if these data processes are a side issue not worth their time or concern.
The right of access to personal data is only one of many rights that are either introduced or reinforced in the GDPR, and it’s part of your duty as a citizen to be aware of, and exercise those rights, not only for your own good but as a catalyst for positive social change as well.
On the other hand, these new requirements may put considerable administrative burdens on companies who aren’t prepared for the upcoming privacy provisions. It’s all about being aware and getting prepared. As long as you have a process in place, May 25th shouldn’t be a massive headache.