GDPR (General Data Protection Regulation) is an overhaul of data-privacy laws in Europe that’s designed to give greater protection and rights to individuals, especially those who allow companies to use their personal information in exchange for ‘free’ services.
In the UK, GDPR replaces the Data Protection Act 1998. GDPR’s tougher privacy rules give us more control over how organizations use our data. The new regulation imposes harsher penalties on companies if they fail to comply with these rules by not adequately protecting our personal information, and on organizations that suffer avoidable data breaches.
GDPR-Know Your Rights
As ‘data subjects’, we benefit greatly from the GDPR’s tough data-protection rules, but it’s important to know how. Here’s a summary of the new rights it gives us.
Right to be informed
This is a key transparency requirement under the GDPR that means companies must tell you their purposes for processing your personal data, how long they will retain that data and who it will be shared with. This ‘privacy information’ must be provided at the time the data is collected, in a way that is easy to access and understand.
Right of access
GDPR entitles you to confirmation that your data is being processed, and a copy of that information – free of charge and within one month. If companies refuse to oblige, they must explain why.
Right to rectification
You can now request, either verbally or in writing, that inaccurate or misleading data stored about you is corrected or, if details are missing, completed. Companies must respond within one month, although in certain circumstances they can refuse the request.
Right to erasure
Otherwise known as the ‘right to be forgotten’, this allows you to request that your personal data be erased if there is no legitimate reason for the company to be holding it; if you object to what it’s being used for (such as direct-marketing purposes); if the data relates to a child; and for various other reasons.
The data controller is responsible for telling other organizations – for example, Google – to delete any links to copies of that data, as well as the copies themselves.
This is one of the most complex rights, so it’s worth reading the full ICO article linked to above.
Right to restrict processing
This is an alternative to requesting the erasure of your data and means you can stop companies continuing to collect and use your data, although they are still permitted to store it.
Right to data portability
This right allows you to obtain and reuse your personal data for your own purposes, and copy or transfer it from one service to another in a secure way.
That data may include your browsing and search history, traffic and location information, and raw data processed by smart devices.
The data must also be provided in a structured, commonly used and ‘machine-readable’ format, such as CSV, JSON or XML.
As we explain in this feature, many sites now offer a dedicated tool for downloading your data. You can also contact a company to request your data and they must reply within one month.
Right to object
At its strictest, this rule lets you force companies to stop processing your data because you object to what it’s being used for. In the case of direct marketing, they have no grounds to refuse, but if your data is being collected for research that’s in the public interest, they’re not obliged to comply. Companies must now offer a way for you to object online.