There are two main reasons for the introduction of the General Data Protection Regulation (GDPR): to create uniformity in the way data protection is dealt with across the EU, and to provide new and clarified rights to people living within EU states.
What are the Rights of Individuals?
There are several rights of the individual which are detailed in the GDPR and which need to be complied with once the regulation becomes law on 25 May 2018.
- The right to be kept informed about the way their personal data is being used by a business or organisation.
- The right of access to any personal data that is held. Under GDPR, System Access Requests (SARs) must be responded to within 40 days and must usually be processed free of charge.
- The right to ensure that any mistakes or omissions in their personal data are rectified.
- The right to have personal data deleted. You may hear this referred to as the right to be forgotten. It’s important to note that businesses and organisations do not have to comply with this right if they have a legally valid reason for continuing to hold and/or process the data.
- The right to ask for processing to be restricted. This means that the individual is not asking for personal data to be deleted, just that it’s no longer processed.
- The right to have access to data in a machine-readable format. This is known as the right to data portability. Once the individual has an electronic copy of their personal data, they can choose to send it on to a third party if they wish.
- The right to object to personal data being processed.
- Rights to do with profiling and automated decision making.
All of these rights apply to individuals who live within the EU, under GDPR rules.