Handling individuals’ rights to control their data
From its inception, the GDPR (which came into force on 25th May 2018) was designed to strengthen the privacy rights of EU citizens. Although some argue it hasn’t gone far enough, the Regulation still introduces a range of new requirements. The rights to access, erasure, rectification and data portability need careful consideration, along with the right to object to direct marketing, profiling and processing under legitimate interests.
Individuals also have a right to be informed about the processing of their data. In a move aimed at ending small print in privacy policies, the GDPR clearly stipulates this must be done in a concise, transparent, intelligible and easily accessible manner. It must be written in clear and plain language, particularly if addressed to a child and subject access must be free of charge.
It’s important for organisations to ensure new policies, processes and systems recognise these new and revised rights.
The information provided and the opinions expressed in this document represent the views of the Data Protection Network. They do not constitute legal advice and cannot be construed as offering comprehensive guidance on the EU General Data Protection Regulation (GDPR) or other statutory measures referred to.