Four new rights of the individual under GDPR

The changes introduced by the GDPR in 2018 are substantial and aim for a higher level of data protection. The Regulation is again a wide-ranging piece of legislation passed by the EU, and it introduces new concepts such as the ‘right to be forgotten’ and data portability (to name only a few), which will take some getting used to.

Four GDPR rights

In general, there are four new rights for the individual:

  1. Rectification: the right to see your own data and to have it rectified;
  2. Erasure: popularly known as the “right to be forgotten”, this is the right to have your data erased;
  3. Data Portability: the right to have your data transferred to a different processor/controller;
  4. Objection to direct marketing: the right to have a controller and processor stop processing for the purpose of direct marketing.

I have listed an overview of the key requirements from two perspectives: the rights of the individual and the obligations of the organization.

The rights of the individual:

  • Rectification (NEW)
  • Erasure (NEW)
  • Data Portability (NEW)
  • Objection – Absolute for direct marketing (NEW)
  • Restrict processing (put on hold)
  • Automated decisions and profiling
  • Access to data
  • Remedy from supervisory body/court
  • Compensation for Damage
  • Compensation for Distress

The obligations of the organization:

  • Consent harder to obtain/prove
  • Privacy notices more detailed/clearer
  • Proactively Demonstrate Compliance
  • Breach Notification (72 hours) - to individual and regulator
  • Appointment of Data Protection Officer (250+, or high-risk processing)
  • Privacy by Design
  • Privacy Impact Assessments
  • More obligations for Processors (Joint Controllership)

GDPR - four new requirements for protecting personal data

USoft has tools for the Privacy Impact Assessment (Solvinx) and for full traceability (USoft Studio GDPR), and has developed an approach to facilitate compliance with the GDPR:

  1. Ensure that relevant departments know that the law is changing, and anticipate the consequences of GDPR.
  2. Document what personal data is retained, what the sources are and with whom it is shared.
  3. Review current privacy notices, and make any necessary changes.
  4. Identify and document the legal basis for each type of data processing activity.
  5. Make sure that procedures are in place to detect, report and investigate data breaches.
  6. Assign a data protection officer, who takes responsibility for compliance with the principles and rules regarding the protection of personal data.

If you have any questions about GDPR, please get in contact with us or call us at: +31 (0)35 699 06 99. We’re happy to help you.

Written by: USoft
