How will you handle individuals’ rights to control their data?
From inception, the GDPR was designed to strengthen the privacy rights of EU citizens. Although some argue it hasn’t gone far enough, the Regulation still introduces a range of new requirements. The rights to access, erasure, rectification and data portability all need careful consideration, along with the right to object to direct marketing, profiling and processing under legitimate interests.
Individuals also have a right to be informed about the processing of their data. In a move aimed at ending small print in privacy policies, the GDPR clearly stipulates this must be done in a concise, transparent, intelligible and easily accessible manner. It must be written in clear and plain language, particularly if addressed to a child and subject access must be free of charge.
It’s important for organisations to assess what new policies, processes and systems they require to manage these new and revised rights.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance to the Data Protection Act 1998 or other statutory measures referred to in the document.