What is the GDPR Right to Object?

The new General Data Protection Regulations will be part of EU Member States’ legislation by the end of May. These guidelines are aimed at protecting the rights of EU citizens—wherever they live.

Businesses that employ or do business with EU citizens must comply with these regulations or face stiff penalties. One of the rights companies must ensure is the right to object.

What is the Right to Object?

When data is collected individuals must be informed of their right to object to the processing of their data. This communication must occur in clear understandable language.

Individuals whose personal data is collected have the right to object to three things:

  1. Processing of their data which is done for statistical purposes related to history or science research
  2. Processing that is based on profiling or other public interest task.
  3. Direct marketing.

Further, individuals can object based on their own beliefs and/or situations.

What Businesses must do if an Objection Occurs?

First, companies must have in place a procedure and an official who receives and considers these objections.

All objections must be carefully considered. Not all of them will be acted upon. Companies or organizations must respond within a month.

If a business can show that the data they are collecting is for legal claims, the objection may be overridden.

Businesses should keep accurate records of objections and dates and the action taken. If an objection is filed the company must immediately cease using the data for direct marketing purposes until a resolution of the issue occurs.

Dealing with an objection must occur at no cost to the individual who filed the objection. Frivolous objections may not hold. And costs could occur if someone makes frivolous and/or repetitious objections.

If data is required for purposes of research related to an issue of public safety, public health or public interest, your company might not have to comply with an objection.