GDPR: Your 8 Rights as Individuals

by | Dec 7, 2018 | Resource, Wharncliffe News

General Data Protection Regulation (GDPR) provides 8 main rights for individuals and strengthens those that already exist under the previous titled Data Protection Act. Below are the 8 main rights for individuals and a brief explanation of each to give you a better understanding of them.

1. The right to be informed

The right to be informed states how the information you supply about the processing of personal data must be, typically in a privacy notice:

  1. concise, transparent, intelligible and easily accessible;
  2. written in clear and plain language, particularly if addressed to a child; and
  3. free of charge.

The information you supply is determined by whether or not you obtained the personal data directly from individuals. For more detail and what information you must supply to individuals at what stage, click here.

2. The right of access

Under the right of access, you must be able to provide processing confirmation and access to an individual’s data free of charge and provide it in a commonly used format – an electronic format if the request is made electronically. Ensure careful planning of this if dealing with multiple systems so you can achieve high efficiency to counter the fact that the information must now be accessed free of charge.

3. The right to rectification

Individuals are entitled to have their personal data rectified if inaccurate or incomplete and you must respond to a rectification request within one month if not deemed complex. You must inform related third parties where possible if the personal data is disclosed to them also.

4. The right to erasure

‘The right to be forgotten’, or right to erasure means you must have procedures in place for removing or deleting personal data easily and securely where there is no compelling reason for possession and continued processing.

5. The right to restrict processing

Individuals have the right to ‘block’ or restrict processing of personal data, in the following circumstances outlined by the ICO:

  • “Where an individual contests the accuracy of the personal data, you should restrict the processing until you have verified the accuracy of the personal data.”
  • “Where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and you are considering whether your organisation’s legitimate grounds override those of the individual.”
  • “When processing is unlawful and the individual opposes erasure and requests restriction instead.”
  • “If you no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.”

You must inform any third parties that are also involved with the data about the restriction, and inform individuals when you remove a restriction on processing.

6. The right to data portability

The right to data portability allows individuals to obtain and reuse their personal data across different services for their own purposes. The right only applies:

  1. to personal data an individual has provided to a controller;
  2. where the processing is based on the individual’s consent or contract; and
  3. when processing is automated.

The right allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting usability. Therefore if a client on your site cannot quickly download their account transactions for example, this will need to be amended.

7. The right to object

The right to object means individuals have the right to object to direct marketing (including profiling), processing based on legitimate interest, and purposes of scientific/historical research and statistics, in which case you must stop processing personal data immediately and at any time, with no exemptions or grounds to refuse, free of charge.

Ensure you are informing individuals of their right to object in your privacy notice and “at the point of first communication”. If you process personal data for research purposes, or for the performance of a legal task or your organisation’s legitimate interests, see further details here. If your processing activity is one of the above and carried out online you must offer the option to object online, e.g. through your website.

8. Automated decision making and profiling rights

If any of your processing operations constitute automated decision making including profiling (such as insurance firms), individuals have the right not to be subject to a decision and must be able to obtain human intervention, express their point of view, and obtain an explanation of the decision and challenge it. The right does not apply if the automated decision is a contractual necessity between you and the person, if it’s authorised by law, or if based on explicit consent. Find further details here.

Sage 200 News

Making Tax Digital (MTD) and Sage 200 Q&A

Making Tax Digital (MTD) is going to fundamentally change the administration of the tax system in the UK and will impact the majority of UK businesses and will most likely affect your Sage 200 software.

read more

Realitex200 News

Sage CRM News

Sage CRM 2019 R1 Product Release

We’re delighted to announce the release of the latest version of Sage CRM – 2019 R1 bringing increased encryption for user passwords, an improved calendar as well as the usual enhancements and defect fixes.

read more

Sage CRM 2018 R3 Product Release

What’s new? Full details of the fixes and enhancements can be found in the release notes available from the Help Centre, they include:Calendar – create quick appointments for other users, view calendar items as a list. Quickfind – search by postal address, email...

read more

Our latest tweets...

Tame your #Android notifications with these 5 tips and tricks bit.ly/2Ob1mXn #TechTips

test Twitter Media - Tame your #Android notifications with these 5 tips and tricks https://t.co/l5uZKwDUBS

#TechTips https://t.co/Uxh2Cd07pL

Congratulations and thank you to #Realitex200 Consultant Alan! 👏👏 Who today celebrates his 17th year with the Wharncliffe team.

test Twitter Media - Congratulations and thank you to #Realitex200 Consultant Alan! 👏👏 Who today celebrates his 17th year with the Wharncliffe team. https://t.co/exRUsuMzfy