Four new rights of the individual

The changes introduced by the GDPR in 2018 are substantial and aim for a higher level of data protection. The Regulation is again a wide-ranging piece of legislation passed by the EU, and it introduces new concepts such as the ‘right to be forgotten’ and data portability (to name only a few), which will take some getting used to.

The four new rights for the individual are:

  1. Rectification: the right to see your own data and to have it rectified;
  2. Erasure: popularly known as the “right to be forgotten”, this is the right to have your data erased;
  3. Data Portability: the right to have your data transferred to a different processor/controller;
  4. Objection to direct marketing: the right to have a controller and processor stop processing for the purpose of direct marketing.

I have listed an overview of the key requirements from two perspectives: the rights of the individual and the obligations of the organisation.

The rights of the individual:

  • Rectification (NEW)
  • Erasure (NEW)
  • Data Portability (NEW)
  • Objection – absolute for direct marketing (NEW)
  • Restrict processing (put on hold)
  • Automated decisions and profiling
  • Access to data
  • Remedy from supervisory body/court
  • Compensation for Damage
  • Compensation for Distress

The obligations of the organisation:

  • Consent harder to obtain/prove
  • Privacy notices more detailed/clearer
  • Proactively Demonstrate Compliance
  • Breach Notification (72 hours) – to individual and regulator
  • Appointment of Data Protection Officer (250+, or high-risk processing)
  • Privacy by Design
  • Privacy Impact Assessments
  • More obligations for Processors (Joint Controllership)
