What the GDPR is that?
From a personal point of view, many of the changes which this brings are a good thing. For many years now, people have been taking personal information from us online and by other methods and then using it in ways we have not agreed with, and many people have no control over this.
This new regulation is designed to restore individual control over personal data.
The relevant rights which apply are:
1. Right to be informed
This is the right to be provided with “fair processing information”, typically through a privacy notice. The supplier of this information should be transparent about how they will use the information they have.
2. Right of Access
Under GDPR you have a right to obtain the following:
– Confirmation that your data is being processed
– Access to your personal data
– The purpose of processing the data they hold
– The safeguards in place and any transfer of the data to a 3rd party
– Other supplementary information which largely corresponds to information you should have been provided in a privacy notice
3. Right of Rectification
You have a right to have information corrected if it is wrong or incomplete. Where that data is disclosed to a 3rd party, the controller of the data must inform them of the rectification.
4. The right to erasure
This is the right to be forgotten. The principle is that you can request that an organisation remove your information from their systems and from all those they have disclosed your information to. The circumstances in which they will need to do this are:
a. The data is no longer needed for its collected purpose
b. The subject (you) has withdrawn consent (and there are no other grounds for processing of the data)
c. The data subject has objected to the processing (and there are no other grounds for processing of the data)
d. A legal obligation requires the erasure of the data
e. The processing is unlawful (there are some pieces of data it is not legal to process except under special circumstances)
f. The data has been collected in relation to the
5. The right to restrict processing
Individuals can “block” or suppress the processing of personal data. In these cases the organisation can store the data but no longer otherwise process it. They may maintain enough information to ensure the restriction is respected.
6. The right to data portability
The right to portability allows you to obtain and re-use your personal data for your own purposes across different services. It ensures that you can download or copy data from one service to another without hindrance to usability. At the most basic, an example would be a bank allowing you to download your transactional history as an Excel file for you to use.
7. The right to object
You have the right to object at any time to your data being used. This includes marketing, research, or profiling. You must be informed of this right in communication when you supply the information, and it must be explicitly brought to your attention along with how to object.
8. Rights related to automated decision making and profiling
Some systems process information automatically and may profile you using your information. You have the right not to be subject to any decision made in this way, and to demand human intervention, in those cases when:
– it is based on automated processing; and
– it produces a legal effect or a similarly significant effect on the individual.
As you will see from these rights, many of them will require organisations to arrange their data in a way which allows these rights to be exercised. The complaints procedure and fines for companies which do not adhere are strengthened too, so we should see people being able to control the information others hold on them in a meaningful way.