Wednesday, March 7, 2018

GDPR and the Rights of Data Subjects


If you're preparing for compliance with the EU's new General Data Protection Regulation (GDPR), which comes into full force on May 25 of this year, the first thing you need to focus on is the rights of data subjects, because those rights are at the core of the legislation.
Here is a fairly detailed, though not exhaustive description of the rights of data subjects under the GDPR.

Data subjects have the right:
  • To be informed - data subjects have the right to know what private information of theirs the data controller/processor possesses.
  • To access - data subjects have the right to view this information.
  • To correct - data subjects have the right to rectify and update this information.
  • To erase - data subjects have the right to be forgotten (subject to other regulatory requirements).
  • To restrict processing - data subjects have the right to determine and limit the way that organizations can use their information.
  • To portability - data subjects can specify when and how their information can be shared with other organizations.
  • To object - data subjects have a mechanism to appeal how their private information is being captured, retained and processed, and to seek redress for demonstrable mishandling of their private information.
  • To understand and determine level of consent - data subjects must clearly consent to the use of their private information with regard to profiling and the analytical use of their private information.

This last right may have great significance for BI practitioners, as it determines how you can process and use the information collected from data subjects.

No comments:

Post a Comment