What are your GDPR rights as an individual?
There is so much “noise” out there about this important subject isn’t there? But, do you know what your rights are when it comes to GDPR?
We are being inundated by email opt-ins, sometimes from businesses we didn’t even realise had our contact information in the first place. What does it all mean and how does it affect you as the “data subject”? What even is a “data subject”? What is personal data? What’s all the fuss about?
It feels as though the real message has got lost along the way – not really surprising when you think that this is the biggest shake up of any law I’ve ever known. It affects EVERYONE – individuals and business owners.
The Objective of GDPR
So let’s look the key objective of GDPR (General Data Protection Regulation) – it is to ensure the privacy and protection of the personal data of data subjects in a changing world. To ensure this happens GDPR empowers the data subject, that’s you, with certain rights. Through these rights, the individual can be reassured that their data is not being misused for any other purposes than it was initially used for. How many times have you wondered how on earth someone got your email address and why they were emailing you? And what can you do about it from 25 May 2018 onwards?
The GDPR came out of a human rights movement – it a mindset change – data now belongs to you not to a business – how cool is that!
Individuals will have to be given much more information about how their data is processed and who by. So, what is “processing” in this context? The GDPR defines processing as more or less any aspect of touching data, including storage, transmission (e.g. email blasts) or alteration (updates).
A data subject has rights as a customer, an employee and as personnel of a supplier, regardless of whether they opted in or were contacted under Legitimate Interests.
There are 8 Individuals rights:
1. Right to be informed
2. Right to access
This gives the individual the right to ask for access to their data that is being processed. The subject can see or view their data, or request copies of the personal data.
3. Right to rectification
This gives the individual the power to amend or change their data. This should generally be processed in a period of four weeks, or eight weeks if the situation is complicated.
4. Right to erasure (also known as the right to be forgotten)
This allows the individual to ask for their data to be deleted. This usually happens when a customer relationship has ended. It is worth pointing out that this is not an absolute right and it is dependent on it complying with other laws that cover this.
5. Right to restrict processing
6. Right to data portability
7. Right to object
8. Rights related to automated decision making and profiling
You can refuse to be part of an automated process. For example if you are applying for a loan, you can ask for your data to be processed manually because you believe the automated processing will not consider your individual situation fully.
How to contact a business about one of your Individuals Rights
You, or a legal representative, can make a rights request. It should be done in writing. You can do this as a customer, an employee or as personnel of a supplier working for a company.
Businesses will have to respond to you within a certain time frame when you contact them about your individual right (usually 30 days) and can’t charge you, unless the request is considered manifestly unfounded or excessive request.
What to do if you believe one of your Individuals Rights has been breached?
- Contact the company using the relevant Subject Access Request form, if they have one – and companies that are taking this seriously will.
- If that doesn’t achieve the desired result then the ICO will be able to help and advise you.
If you would like to know more then the ICO has lots of useful information and they have recently set up a Twitter Channel: YourDataMatters
If you a business owner and are not compliant then talk to us, we can help you. Remember you are not only risking fines, but damage to your reputation.