Under GDPR, individuals will benefit from increased rights compared with those offered in the Data Protection Act:
- The right to be informed
This encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice. It emphasises the need for transparency over how you use personal data –
The options here are many and varied. The evidence of information being fairly processed will be available with a mouse click at every step of the processing of any information. As for how that information reaches the party requesting it, options range from automatic email updates to the owner of the personal information, informing them of the details being stored and for how long, to digital forms provided to either give or confirm permissions for storage/processing, and everything in between. We can ensure this information exchange is smooth, compliant and painless.
- The right of access
Under the GDPR, individuals will have the right to obtain confirmation that their data is being processed, access to their personal data, and other supplementary information –
Along with the benefits noted in The right to be informed, a “Guest” login to your software solution would be available, allowing the person who logged the query to view ONLY the information relating to them personally. Alternatively, depending on the depth of their enquiry/requirements, reports can be provided allowing clarity on the information stored relating to them at all times.
- The right to rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete –
Much like the other points in this section, the struggle lies not in the facilitation of a dialogue with the requester, but in the finding of the information requested in the first place, along with tangible evidence of where this information has been, why it’s been there and whose eyes have been on it. Using our comprehensive search functionality for stored information & the background evidence trail, there is no hiding place for either the information or the parties involved in processing it. Notifying the person in question is the easy part. And with our help, both finding the information and proving good, fair & compliant practice also become a pain-free and simple task.
- The right to erasure
The right to erasure is also known as “the right to be forgotten”. It simply means an individual has the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing –
Once again, having solved the larger issue of locating all relevant information quickly and painlessly in the first instance, as noted in previous points, the removal/deletion of this (subject to legal retention procedures of course) is made simple and fast.
- The right to restrict processing
Previously with the DPA (Data Protection Act), individuals had a right to block or suppress processing of personal data. Under the GDPR, this will remain very similar. When processing is restricted, you are permitted to store, but not process the information –
In this event, simple steps can be taken to ensure compliance. For instance, the information in question can be stored in a limited access location and/or locked as a ‘read only’ file, meaning that under no circumstance can it be used for any purpose other than that explicitly intended.
- The right of data portability
This allows individuals to obtain and re-use their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability –
As long as the physical sharing of this information is in keeping with your own internal regulations, information can be downloaded/shared/provided in whichever form it is obtained, directly to the intended recipient, without stress or delay. This is a result of the streamlined search and locate functionality provided, coupled with the ease of mobile or off-site access for permitted parties.
- The right to object
Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest (including profiling), direct marketing (including profiling) and processing for the purpose of scientific or historical research and statistics –
By the nature of this point, it would require reactive, rather than proactive, action. Should a processing objection be made, steps can be put in place at any point of the information’s lifespan within our solutions, introducing conditions/permissions/safeguards to protect not only the interests of the requester, but also those of you and your business.
- Rights in relation to automatic decision making and profiling
The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. These rights work in a similar way to those existing under the DPA –
This is a far broader point than those that precede it. With our solutions in place, any and all conditions can be applied to the storing/processing/handling of information and/or documentation, meaning that whilst this point primarily alludes to the protection of the hypothetical person contacting you and your business, there can be no circumstance that you would find yours
Written by Chris Hawkes