The GDPR and You – Know Your Rights

While much of the focus of online discussion centres on the impact that the General Data Protection Regulation (GDPR) is going to have on businesses, and the way in which they handle, store and use data, let us not forget that these are regulations applied for the protection of the rights of individuals.

The impact of the GDPR

With this in mind, we gathered together the individuals at UpriseVSI to practice what we preach and highlight just what the GDPR will mean to us both personally and commercially.

Our technical director, Mark Thomas, highlighted a few of the most important aspects that will impact on the way that businesses deal with their customers and vice versa.

Here, we look at GDPR in relation to the rights of individuals. And, to borrow a line from the Life of Brian (any excuse):

“We are all individuals!”

You gotta fight for your right to data

GDPR offers clear guidelines on how companies store, use, and share any personal data they may have within their organisation. It’s a protection of our rights and our identities and something that offers a benefit to all citizens within its jurisdiction.

The laws will provide clarity to Data Controllers and Processors about what they can and cannot do when handling data; while offering individuals accessibility, transparency, protection and recourse.

So, what will these rights look like, when they come into force on the 25th May?

In the list below, we take a look at the basic rights, as defined by the Information Commissioners Office (ICO), the UK regulatory body for GDPR.

1. The right to be informed

It must be made clear to individuals what information you are processing, usually through a privacy policy, and ensure you are transparent. Interestingly, the detail includes an obligation to present any automated decision making or profiling, together with the consequences.

2. The right of access

Not only do you need to provide access to an individual’s data, but also lawfulness of that data processing. Providing this information must be free to individuals and made available as soon as possible to a maximum of 1 month.

3. The right to rectification

Any data held on an individual will need to be correct, and if incorrect, the company must allow for rectification. This will help both companies and individuals where data has become perhaps outdated or simply wrong.

4. The right to erasure

One of the most important aspects is the right to be forgotten, which marks an important step change. This means the complete deletion and removal of all data where there is no compelling reason for continued processing.

5. The right to restrict processing

Another important right allows an individual to supress or block the processing of data. The data can still be retained and stored, but no further processing is permitted. It is permissible to store only the data necessary to ensure no further processing occurs.

6. The right to data portability

It is often useful for individuals to take data from one organisation to another, and this right ensures this can happen in a safe and secure way without obstruction.

7. The right to object

Individuals can now object to data being processed based on legitimate interest or performing a task in the public interest. More importantly for many, individuals can object to the processing of their data for marketing, research and statistics.

8. Rights in relation to automated decision making and profiling

Automated decision making is any processing without human involvement and profiling where personal data is processed to evaluate certain things about an individual.

This type of processing can only be done where there is a legal basis, authorisation by law or explicit consent. Which brings us back to our very first point that you need to inform individuals about how you are processing their data.

Helping your compliance

At UpriseVSI our Customer Relationship Management (CRM) database applications help you maintain and adhere to your GDPR obligations. The thinkCRM system has features that enable you to erase, change or port an individual’s data.

Further, the application will quickly and easily allow you to rectify any individual data and facilitate access requests.

For more information or to learn more about how UpriseVSI can offer technology solutions to help your company achieve closer GDPR compliance, get in touch today.

Categories: GDPR, Technology

Related Blogs

Feel free to get in touch

Top