The changes introduced by the GDPR in 2018 are substantial and aim for a higher level of data protection. The Regulation is again a wide-ranging piece of legislation passed by the EU and introduces new concepts like the ‘right to be forgotten’ and data portability (to call out only a few) which will take some getting used to.
The four new rights for the individual are:
- Rectification, this concerns the right to see your own data and to have it rectified;
- Erasure, popular under the term “right to be forgotten” as this concerns the right to have your data erased;
- Data Portability, which is the right to have your data transferred to a different processor/controller;
- Objection for direct marketing concerns the right to have a controller and processor stop processing for the purpose of direct marketing.
I have listed an overview of the key requirements from two perspectives, the individual rights and the obligations of the organisation.
|The rights of the individual:
||The obligations of the organisation: