The biggest overhaul of data privacy regulation in the history of the internet will come into force on Friday as businesses scramble to comply with the new rules.

From May 25, the new General Data Protection Regulation (GDPR) will give people in the EU new powers to access and control their personal data.

The new rules also give regulators greater power to levy fines on firms who mishandle data or fail to be transparent in how they collect and use personal information.

In the build-up to the rollout, the Information Commissioner’s Office (ICO) has moved to calm confusion among some businesses over the need to get fresh consent from customers in order to comply with the regulations.

As part of GDPR, company requests for consent on gathering data must be “clear and distinguishable” in easy-to-follow language, and provide a simple way to withdraw consent.

This has led to dozens of firms sending out emails asking customers to confirm that they consent to the firm continuing to contact them.

But while the ICO said GDPR does “set the bar high” for consent, the regulator has warned that in some cases, sending further emails could risk non-compliance through difficult-to-follow messages, breaching new openness and transparency rules.

“Where you have an existing relationship with customers who have purchased goods or services from you, it may not be necessary to obtain fresh consent,” deputy information commissioner Steve Wood said in a recent blog post.

“It’s also important to remember that in some cases it may not be appropriate to seek fresh consent if you are unsure how you collected the contact information in the first place, and the consent would not have met the standard under our existing Data Protection Act.

“We’ve heard stories of email inboxes bursting with long emails from organisations asking people if they’re still happy to hear from them. So think about whether you actually need to refresh consent before you send that email and don’t forget to put in place mechanisms for people to withdraw their consent easily.”


The new laws also strengthen the jurisdiction of EU regulators, with the regulation applying to all companies and data controllers who handle the data of EU citizens, regardless of where the company itself is based.

The rules will also give people the right to access the data firms have gathered on them, as well as request it be deleted should they so wish.

GDPR will roll out at a sensitive time for large technology firms and for interest in data privacy, following a number of scandals around how personal data is collected and used, including Facebook’s Cambridge Analytica incident.

What changes will GDPR bring?

New data laws come into force in Europe on May 25, but how will the General Data Protection Regulation (GDPR) affect businesses and the general public?

– What is GDPR?

The General Data Protection Regulation is a new, EU-wide law that gives greater power to regulators to penalise companies who mishandle personal data or are not transparent about how their business uses it.

For consumers, it brings new powers that require firms to obtain clear consent from users before processing their data, and grants users a right to easily access the data collected from them, along with transparency on how it is being used.

– What are the key aspects of the regulations?

As well as those already mentioned, one key element is the increased jurisdiction GDPR gives regulators.

Under the new rules, any company that controls or processes the data of EU citizens must adhere to the GDPR guidelines, ending the territorial-based accountability previously used by some firms not based in the EU to avoid sanction.

The law also states that notification of a data breach must occur within 72 hours of being first discovered, increasing transparency around such incidents.

The weight of fines able to be issued will also increase under GDPR. Regulators will be able to issue penalties of up to 4% of annual global turnover or 20 million euro (£17.5 million) – whichever is greater.

For tech giants such as Google and Facebook, this could mean the risk of fines running into the hundreds of millions.


– Will it make a difference to business?

It already appears to be. Many large technology and internet companies have begun the process of making their data practices more transparent, with the threat of large fines hanging over them.

Both Facebook and Twitter have been rolling out updates to their privacy policies, adding clearer language and description of data use, and offering more tools to users to share or remove their personal data from that platform, as is required by GDPR.

The recent Cambridge Analytica scandal has also increased public scrutiny on data use, with Facebook acknowledging it has received more questions from users recently on how it gathers and shares personal data.

– Am I likely to be affected?

Yes. Whether you own a business, run a charity, or have signed up to newsletters via social media or online shopping websites, the GDPR is likely to impact us all.

The Act will give individuals easier access to the information that organisations hold about them – free of charge.

Currently, there’s a £10 fee for a Subject Access Request (SAR), which businesses and public bodies can charge in order to release any personal information. However, the GDPR means this will be scrapped and requests for personal information can be made free-of-charge and must be released within one month.

– What happens if I ignore it?

Everyday users have to do very little to comply with GDPR – it’s more targeted at big online businesses.

Many people will have already noticed emails from organisations asking whether they still want to be on the receiving end of their mailing list and other information. However, these are not necessary in every case and if you have an existing relationship with a firm from which you have purchased products or services you do not need to give fresh consent.