GDPR: Your 8 Rights as Individuals

by | Dec 7, 2018 | Resource, Wharncliffe News

General Data Protection Regulation (GDPR) provides 8 main rights for individuals and strengthens those that already exist under the previous titled Data Protection Act. Below are the 8 main rights for individuals and a brief explanation of each to give you a better understanding of them.

1. The right to be informed

The right to be informed states how the information you supply about the processing of personal data must be, typically in a privacy notice:

  1. concise, transparent, intelligible and easily accessible;
  2. written in clear and plain language, particularly if addressed to a child; and
  3. free of charge.

The information you supply is determined by whether or not you obtained the personal data directly from individuals. For more detail and what information you must supply to individuals at what stage, click here.

2. The right of access

Under the right of access, you must be able to provide processing confirmation and access to an individual’s data free of charge and provide it in a commonly used format – an electronic format if the request is made electronically. Ensure careful planning of this if dealing with multiple systems so you can achieve high efficiency to counter the fact that the information must now be accessed free of charge.

3. The right to rectification

Individuals are entitled to have their personal data rectified if inaccurate or incomplete and you must respond to a rectification request within one month if not deemed complex. You must inform related third parties where possible if the personal data is disclosed to them also.

4. The right to erasure

‘The right to be forgotten’, or right to erasure means you must have procedures in place for removing or deleting personal data easily and securely where there is no compelling reason for possession and continued processing.

5. The right to restrict processing

Individuals have the right to ‘block’ or restrict processing of personal data, in the following circumstances outlined by the ICO:

  • “Where an individual contests the accuracy of the personal data, you should restrict the processing until you have verified the accuracy of the personal data.”
  • “Where an individual has objected to the processing (where it was necessary for the performance of a public interest task or purpose of legitimate interests), and you are considering whether your organisation’s legitimate grounds override those of the individual.”
  • “When processing is unlawful and the individual opposes erasure and requests restriction instead.”
  • “If you no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.”

You must inform any third parties that are also involved with the data about the restriction, and inform individuals when you remove a restriction on processing.

6. The right to data portability

The right to data portability allows individuals to obtain and reuse their personal data across different services for their own purposes. The right only applies:

  1. to personal data an individual has provided to a controller;
  2. where the processing is based on the individual’s consent or contract; and
  3. when processing is automated.

The right allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting usability. Therefore if a client on your site cannot quickly download their account transactions for example, this will need to be amended.

7. The right to object

The right to object means individuals have the right to object to direct marketing (including profiling), processing based on legitimate interest, and purposes of scientific/historical research and statistics, in which case you must stop processing personal data immediately and at any time, with no exemptions or grounds to refuse, free of charge.

Ensure you are informing individuals of their right to object in your privacy notice and “at the point of first communication”. If you process personal data for research purposes, or for the performance of a legal task or your organisation’s legitimate interests, see further details here. If your processing activity is one of the above and carried out online you must offer the option to object online, e.g. through your website.

8. Automated decision making and profiling rights

If any of your processing operations constitute automated decision making including profiling (such as insurance firms), individuals have the right not to be subject to a decision and must be able to obtain human intervention, express their point of view, and obtain an explanation of the decision and challenge it. The right does not apply if the automated decision is a contractual necessity between you and the person, if it’s authorised by law, or if based on explicit consent. Find further details here.

Sage 200 News

Sage Monthly Reports

Every month Sage offers a FREE monthly report, we post details of these on our social media and have embedded Sage's page below where you can find details of this month's and previous month's reports. Just contact us on 01226 361100 to get any of these free Sage...

read more

Realitex200 News

Introducing Realitex200 .Net

Wharncliffe is delighted to announce the next generation of our market-leading solution for carpet, flooring, textiles, and artificial grass, code named: Realitex200 .Net. Delivering the very latest in software design and user interface benefits, this super-charged...

read more

Sage CRM News

Sage CRM 2018 R3 Product Release

What’s new? Full details of the fixes and enhancements can be found in the release notes available from the Help Centre, they include:Calendar – create quick appointments for other users, view calendar items as a list. Quickfind – search by postal address, email...

read more

What We're Saying

#GoogleChrome to start blocking intrusive ads worldwide, first launched this feature in North America and Europe. The filter, which is going global in July, removes only the most intrusive, annoying types of ads. bit.ly/2SWr5Er #browser #TechnologyNews #tech

test Twitter Media - #GoogleChrome to start blocking intrusive ads worldwide, first launched this feature in North America and Europe. The filter, which is going global in July, removes only the most intrusive, annoying types of ads.  https://t.co/0rKqQXChSC 

#browser #TechnologyNews #tech https://t.co/C8DKcp6VFu

Get a new #AmazonEcho device for Christmas? Check out some funny things to ask #Alexa when you want the voice assistant to show off her sense of humour or unveil a hidden easter egg. bit.ly/2HdzbaD

test Twitter Media - Get a new #AmazonEcho device for Christmas? Check out some funny things to ask #Alexa when you want the voice assistant to show off her sense of humour or unveil a hidden easter egg. https://t.co/SR2pb5twu9 https://t.co/5J192cRqOk