Under GDPR individuals have the following rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Transparency is a key principle of the GDPR. Individuals should be told why, how, who and how long their data will be processed – known as privacy information. This should be included in your privacy notice when collecting data. The privacy notice must be clear and easy to understand.
In our industry the right to erasure is particular relevant since the same data may exist in several places. It is very important that data is only kept in one place and deleted from all others to ensure erasure is complete and thorough when requested. This should be part of any company’s GDPR implementation process.
Minimisation is key when considering obligations under GDPR. Only collecting data that is absolutely necessary, storing it securely only in one place and ensuring everyone understands their obligations will make implementation and ongoing adherence much simpler.