Data, citizens’ rights, privacy and cyber security are never very far from front page news. Over the next few months new rules will come into force that will re-define people's rights over the usage and storage of their personal data. Our Communities programme is beginning work to explore what this will mean on a practical level in our everyday lives.

The General Data Protection Regulation (GDPR) will come into force across the EU on 25 May 2018. It will change how businesses and organisations can handle the information they hold about their customers and gives new and enhanced rights to individuals in relation to both the access, handling and storage of their personal data.

It will “significantly overhaul Europe’s cornerstone data protection legislation at a time when information systems and digital business underpin human life”. [Bird & Bird guide to GDPR]

However, most of the work to prepare the UK for GDPR is centred on businesses and organisations and how they must get their data-processing houses in order.

We are developing a pilot project to explore GDPR from the perspective of the individual, focussed on discovering the best way to engage people and communities with this significant change in their data rights.

The shift in regulation, that will affect the UK both before and after Brexit, comes at a time when recent surveys show people's lack of trust in how their personal information is managed. 

A recent ICO/ComRes survey found that only 20% of people had trust in organisations holding their data and that they are “broadly unfamiliar” with the specifics of how their personal data is being used by companies and organisations in the UK, with only 10% saying they have a good understanding of how their personal data is used.

A survey by software firm Civica found that only 12% of UK citizens, (18% of 16-24 year olds), are very aware of what the GDPR means, but 53% said they are more likely to ask for information held on them once it becomes free to do so.

The survey also found that 53% would trust organisations more if they were clear what personal data they stored about them and 65% think personal information is being shared without their knowledge.

The GDPR covers the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erase
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

Our Communities programme will work with local community groups, individuals and schools to examine how GDPR will change people’s individual rights in practical ways. We will use what we will learn to benefit other communities in the South West and across the UK.