So yesterday GDPR (general data protection regulation) made the news headlines, and chances are it was news to most people (a recent survey suggests 85% of us hadn't heard of it before).
The news editors generally focused on attention grabbing items like the 'right to be forgotten', the end of 'opt-out', and the spectre of very large fines to underline the government's seriousness here. But it's a big chunky piece of legislation and there's a lot to it.
These stringent new regulations on data protection will come into force within a year and behind the scenes companies in the UK and Europe are working hard to get ready. A recent survey of 400 European CIOs suggested nearly 70% of companies have a clear understanding of the GDPR legislation and what's expected of them, which is good to hear! (It's tempting to be a bit alarmed about the other 30% but let's assume they'll catch up at some point..)
The regulations are a welcome stride forward. Privacy feels like an endangered animal these days and the government has to try to give consumers increased protection over misuse of their personal data.
The goals are virtuous, with the emphasis on removing ambiguity, through forcing companies to be more transparent, for example in using plain language about what consumers are consenting to when it comes to use of their personal data, and by forcing companies to give consumers easy access to review what personal data is being held.
Now that the cat is out of the bag, the Government needs to move into information mode. Looking at the legislation the onus will be on companies to communicate the regulations, and what they mean, to the consumers. So that's around how your data will be used and for what, and what you are consenting to, how you consent, what privacy notices mean, what they don't mean, what you have the right to do, how you can object. But the problem with that is that different companies will communicate it, and explain it in different ways, so even if the intentions are good, it's likely to be very confusing and unclear.
The government is delegating this but actually it needs to communicate with consumers too, so let's look forward to a slick and modern information campaign about GDPR. Clear and unambiguous! Fingers crossed we get one, eh?