Four new rights of the individual under GDPR

The changes introduced by the GDPR in 2018 are substantial and aim for a higher level of data protection. The Regulation is again a wide-ranging piece of legislation passed by the EU and introduces new concepts like the ‘right to be forgotten’ and data portability (to call out only a few) which will take some getting used to.

 

Four GDPR rights

In general, there are four new rights for the individual:

  1. Rectification, this concerns the right to see your own data and to have it rectified;
  2. Erasure, popular under the term “right to be forgotten” as this concerns the right to have your data erased;
  3. Data Portability, which is the right to have your data transferred to a different processor/controller;
  4. Objection for direct marketing concerns the right to have a controller and processor stop processing for the purpose of direct marketing.

I have listed an overview of the key requirements from two perspectives, the individual rights and the obligations of the organization.

The rights of the individual:

  • Rectification (NEW)
  • Erasure (NEW)
  • Data Portability (NEW)
  • Objection –Absolute for direct marketing (NEW)
  • Restrict processing (put on hold)
  • Automated decisions and profiling
  • Access to data
  • Remedy from supervisory body/court
  • Compensation for Damage
  • Compensation for Distress

The obligations of the organization:

  • Consent harder to obtain/prove
  • Privacy notices more detailed/clearer
  • Proactively Demonstrate Compliance
  • Breach Notification (72 hours) -To individual and regulator
  • Appointment of Data Protection Officer (250+, or high-risk processing)
  • Privacy by Design
  • Privacy Impact Assessments
  • More obligations for Processors (Joint Controllership)

GDPR - four new requirements for protection personal data

 

USoft has tools for the Privacy Impact Assessment (Solvinx) and for full traceability USoft Studio GDPR and developed an approach to facilitate compliance to the GDPR.

  1. Ensure that relevant departments know that the law is changing, and anticipate the consequences of GDPR.
  2. Document what personal data is retained, what the sources are and with whom it is shared.
  3. View current privacy notices, and make any necessary changes.
  4. Identify and document the legal basis for any type of activity of the data processing.
  5. Make sure that the procedures are in place to detect, report and investigate data breaches.
  6. Assign a data protection officer, who takes responsibility for compliance with the principles and rules regarding the protection of personal data.

If you have any questions about GDPR, please get in contact with us or call us at: +31 (0)35 699 06 99. We’re happy to help you.

Written by: USoft

Related posts

Data, data everywhere, but not a purpose to serve

Data, data everywhere, but not a purpose to serve

In our previous blog Business rules and business processes: tomayto, tomahto or more? we have stressed the importance of business rules within organisations. With developments such as artificial intelligence, IoT, and data and process mining knocking on our doors, we...