20th August 2018
If GDPR applies to you, then you have some legally binding obligations. These are overarched by the principles set out in Article 5 of the GDPR and we’ll go over these here, they are:
You don’t just have to demonstrate compliance with these key principles, but you are also required to protect these rights that all citizens now have:
-Right of Access (Article 15)
Any data subject can request the information you hold on them and it must be provided in a timely manner and without charge. As with any request if there is industry regulation such as the FCA or legal requirements then this would trump the GDPR.
-Right to rectification (Article 16)
If the data you hold is incorrect you have to correct it, and if you have passed this incorrect data on to third parties (with their subjects consent of course!) then you must also notify them of the corrections to me made.
-Right to Erasure (Article 17)
Individuals will be able to demand that you delete them from your systems in their entirety. There are areas that are out of scope on this where it is not feasible or technically impossible, e.g. server backups or a piece of micro-fiche.
-Right to request restriction of processing (Article 18)
Data subjects will be able to obtain the restriction of processing where;
The controller has to communicate any rectification or erasure of personal data or restriction of processing carried out.
-Right to Data Portability (Article 20)
The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller.
-Right to Object to Processing (Article 21)
The data subject now has the right to object, on grounds relating to his or her particular situation.
-Right to not be profiled (Article 22)
The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
These are only snippets of the GDPR articles but hopefully it gives you a feel for your new obligations and rights of individuals under GDPR. You’ll need to read, or seek advice on the full implications for your business. You can see all the Articles here for full reading.
Talk to one of our friendly experts.
Keen to learn more? Explore our other resources on Connectivity Solutions below:
Take a look at our most recent articles
Download our free 25 point checklist to help give you peace of mind that you've got the best system in place for your business needs.