The General Data Protection Act (GDPR) comes into force today, giving everyone in the UK and across the EU clearer control of the personal data organisations hold about us.
We've all received emails from companies asking to stay in touch with us for weeks now, but why is it happening?
The changes GDPR has brought build on the previous 1998 Data Protection Act, giving you more rights and protections around your personal data.
Which? consumer rights expert Adam French said: 'GDPR will strengthen your personal data rights, including the way companies handle your data and redress for misuse of that data.
'Companies will need to tell you exactly what you're signing up for and you will have more control when it comes to opting out of future marketing emails.
'You will also have more opportunities to make a claim for damage caused by the misuse of your data.'
We explain six of the new rules, and what they mean for you.
To send marketing material to you by email, companies will usually need to demonstrate that they have your consent to do so, and that the consent meets the required standard set out by GDPR.
This is why many of us have received a flurry of emails, forms and other communications over the last month asking us to review our privacy settings.
Some companies will already have GDPR-compliant forms of marketing consent. Other companies may not need to rely on consent for marketing communications.
If you don't update your preferences or actively opt-in, many companies may assume you don't want to continue receiving further communications and will remove you from their databases.
Withdrawing your consent should be as easy as giving it. Companies should make it easy for you to do so, for example by providing an unsubscribe link at the bottom of all of their marketing emails.
Companies have to clearly explain what you're signing up for or opting in to at the point you're presented with the choice.
Your positive opt-in is based on the information presented to you at the time, so it shouldn't later be used for anything you didn't sign up to.
You have the new right to data portability under the GDPR, which means you can ask for your data from a company in a machine-readable format.
This is not an absolute right - it only applies to personal data you've already provided to a company where either the processing is based on consent or on a contract, or the processing is carried out by automated means.
This will enable you to reuse your data - for instance, it could help you get a better energy deal if you upload your usage data to a switching service.
Under the new regulations, you have the right to access the of yours an organisation processes - this is called a - as well as requesting the information is deleted if you want. The right is not absolute and only applies in certain circumstances.
Previously you may have had to pay £10 for a Subject Access Request, which the GDPR has scrapped.
Requests for personal information a company holds on you must be responded to within one month, with some allowances for extensions.
A word of warning: if your request is unfounded or excessive, the controller of the data may still charge a fee or refuse to act on the request.
The company should explain to you the nature of the personal data breach and who to contact.
Companies also need to notify the Information Commissioner's Office within 72 hours to report the breach.
You also now have more opportunities to make a compensation claim for a misuse of your data.
You can now make a claim against the data processor, as well as the data controller, but can only win once from one.
You're able to claim compensation for both material and non-material damage, which includes distress and reputational damage.