The new General Data Protection Regulation (GDPR) comes into force on 25 May 2018. The regulation brings with it new rights for people living within the EU. The rights relate to personal data which is processed by businesses and organisations, whether the business or organisation is based within the EU or not.
What Constitutes Personal Data?
Personal data is any data, or group of data, which can be used to identify a natural person; anyone who is living. In some cases a name may be sufficient, if it is unusual. In other cases the data may be something like an address, email address or IP address.
What are the Enhanced Rights?
There are several rights for people living in EU states which have been enhanced, or introduced, as a result of the GDPR. These rights are:
- The right to be informed about how personal data is being used.
- The right to request access to personal data that is being held, at no cost. The response needs to be responded to within 40 days.
- The right to ask for mistakes or omissions to be rectified.
- The right to have personal data deleted, unless the business or organisation has another legally valid reason for holding and processing the data.
- The right to ask for the processing of personal data to be restricted.
- The right to be provided with a portable version of personal data which you can send on to third parties.
- The right to object to personal data being used.
- Rights concerning the use of profiling and automated decision making.
All of these rights apply to anyone who lives within the EU. All businesses and organisations that process the personal data of these people need to be aware of these rights and to comply with them.