The GDPR creates some new rights for individuals and strengthens some of the rights that currently exist under the DPA.
Right to be informed
The obligation to provide ‘fair processing information’, typically through a privacy notice. It emphasises the need for transparency over how personal data is used.
Right of access
Individuals have the right to obtain confirmation that their data is being processed; access to their personal data; and other supplementary information. This corresponds to the information that should be provided in a privacy notice and are similar to existing subject access rights under the DPA.
Right of rectification
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. If it has been disclosed to third parties, the subject must be informed of the rectification where possible. The individuals must also be informed about the third parties to whom the data has been disclosed.
Right to erasure
The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Right to restrict processing
Individuals have a right to ‘block’ or suppress processing of personal data. When processing is restricted, their personal data can be stored, but not processed any further. Just enough information can be retained about the individual to ensure that the restriction is respected in future.
Right to data portability
Individuals can obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
Right to object
Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
Rights related to automated decision making and profiling
Provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention and works in a similar way to existing rights under the DPA. Processing operations that constitute automated decision making should be identified and procedures updated.
Subject Access requests
Individuals will have the right to obtain confirmation that their data is being processed; access to their personal data; and other supplementary information which largely corresponds to the information that should be provided in a privacy notice.
Find out more about Solvassure