The changes introduced by the GDPR in 2018 are substantial and aim for a higher level of data protection. The Regulation is, once again, a wide-ranging piece of legislation passed by the EU, and it introduces new concepts such as the ‘right to be forgotten’ and data portability (to name only a few), which will take some getting used to.
The four new rights for the individual are:
- Rectification, which concerns the right to see your own data and to have it rectified;
- Erasure, popularly known as the “right to be forgotten”, which concerns the right to have your data erased;
- Data Portability, which is the right to have your data transferred to a different processor/controller;
- Objection to direct marketing, which concerns the right to have a controller and processor stop processing for the purpose of direct marketing.
I have listed an overview of the key requirements from two perspectives, the individual rights and the obligations of the organisation.
The rights of the individual:
The obligations of the organisation:
- Ensure that relevant departments know that the law is changing, and anticipate the consequences of GDPR.
- Document what personal data is retained, what the sources are and with whom it is shared.
- View current privacy notices, and make any necessary changes.
- Identify and document the legal basis for each type of data processing activity.
- Make sure that the procedures are in place to detect, report and investigate data breaches.
- Assign a data protection officer, who takes responsibility for compliance with the principles and rules regarding the protection of personal data.