Under GDPR, individuals have 8 distinct rights which can be used to govern how their personal data is handled by organisations. They are as follows and can also be viewed on the ICO website:
1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
While all eight of the rights obviously need to be considered and every organisation will need to have processes in place to deal with any requests, it’s likely that the vast majority will involve only a few of the rights.
The right to be informed and the right to erasure will likely constitute a great many of the requests. The right to be informed is very much what it sounds like: individuals will have the right to know how their data is processed, which will require transparency on the part of the data controller. The right to erasure is sometimes called ‘the right to be forgotten’ and concerns an individual’s right to have their data entirely deleted under certain circumstances.
You might also see some requests relating to the right of access and the right to object. The right of access is quite self-explanatory and allows individuals to request access to the data that is held about them. The right to object is interesting in that it gives individuals the ability to object to several things, including direct marketing and profiling.
Mark James, ESET IT Security Specialist, had this to say about the changes that average consumers could see very quickly:
“The average consumer should see a change in how their data is being used in the everyday tasks of accessing digital media.
“The common practice of retrieving as much information as possible when signing up to an informational website should decrease.
“We should also see easier processes that would enable us to retrieve a clear idea of how much and what data is being held by the companies we interact with.
“It would be nice to think that unsolicited marketing activities will cease, but there are already processes in place to stop it and we still get plagued all too often.
“The new huge fines that could potentially be imposed on businesses that flout the rules will almost certainly cause a decline at the very least.”
Request a copy of ESET’s GDPR Whitepaper to learn more: http://landing.eset.co.uk/fsb_blog