GDPR and You

Next story

GDPR, or the General Data Protection Regulation, represents not only a massive change for some businesses but how you can control how your personal data is used.

Under GDPR, you have 8 distinct rights which can be used to govern how your personal data is handled by organisations. They are as follows and can also be viewed on the ICO website:

1.       The right to be informed

2.       The right of access

3.       The right to rectification

4.       The right to erasure

5.       The right to restrict processing

6.       The right to data portability

7.       The right to object

8.       Rights in relation to automated decision making and profiling

While all 8 of the rights obviously need to be considered and every organisation will need to have processes in place to deal with any requests, it’s likely that the vast majority will involve only a few of the rights.

The right to be informed and the right to erasure will likely constitute a great many of the requests: The right to be informed is very much what it sounds like, you will have the right to know how your data is processed and will require transparency on the part of the data controller.

The right to erasure is sometimes called ‘the right to be forgotten’ and concerns your right to have your data entirely deleted under certain circumstances.

Some might also use the right of access and the right to object: the right of access is quite self-explanatory and allows you to requests access to the data that is held about you.

The right to object is interesting in that it provides you the ability to object to several things, including direct marketing and profiling.

 

Instant changes?

Mark James, ESET IT Security Specialist, had this to say about the changes that average consumers could see very quickly:

“The average consumer should see a change in how their data is being used in the everyday tasks of accessing digital media.

“The common practise of retrieving as much information as possible when signing up to an informational website should decrease.

“We should also see easier processes that would enable us to retrieve a clear idea of how much and what data is being held by the companies we interact with.

“It would be nice to think that unsolicited marketing activities will cease, but there are already processes in place to stop it and we still get plagued all too often.  

“The new huge fines that could potentially be imposed on businesses that flout the rules will almost certainly cause a decline at the very least.”

Will you, or have you previously, exercised one of these rights? Let us know on Twitter @ESETUK.