The UK General Data Protection Regulations protect the personal data of living people. Personal data includes names, birthdays, addresses, National Insurance numbers and much more. The aim is to ensure confidentiality, reduce identity fraud and also to protect people from unwanted marketing activity.
Anyone who handles personal data must comply with 7 principles that act as a set of rules for processing information. However, failure to comply can have serious consequences, potential penalties of millions of pounds, the real threat of business insolvency and loss of reputation.
Who has rights under the GDPR?
You have legal rights under the GDPR if you are a data subject, and pretty much everyone in the UK is a data subject.
You are a data subject if any organisation processes personal information about you. So, for example, if you have a bank account, a medical record or shop online then you are a data subject and you have 8 data subject rights about the informaion that relates to you.
What are your rights under the GDPR?
There are 8 data subject rights under the GDPR. These rights must be upheld by organisations that store and process personal information about you.
- The right to be informed – You have a right to know what data is collected about you, how it will be used, who it will be shared with and also how long it is likely to be stored.
- The right of access – You have a right to access your own data. You can request a copy of the data that an organisations has recorded about you.
- The right to rectification – You have the right for information held about you to be accurate. If it is not then an organisation must correct any errors on your request.
- The right to erasure – You have the right to ask that information about you is deleted. This right does not apply in all situations.
- The right to restrict processing – Where your right to have information deleted does not apply, you may have the right to restrict processing of the information.
- The right to data portability – You have a right to data portability – so you can obtain and reuse your data on another service.
- The right to object – You have the right to object to your data being processed and an organisation must inform you of this right in their first communication with you.
- Rights relating to automated decision making and profiling – You have the right to specify that you do not want important decisions about you to be made automatically without human intervention.
What to do if your rights are breached
If you believe any of your rights have been breached then you should initially write to the organisation that processes your data. This will give them a chance to sort out the issue. If they fail to take action then you can write to the Information Commissioner’s Office. You’ll need to collect evidence to support your complaint.
When does the right to have information deleted apply?
Your right to have your data deleted applies if:
- The data is no longer needed for the purpose for which it was collected.
- The data was collected with your consent and you withdraw that consent.
- There is no overriding legitimate interest for the processing.
- The data is used for direct marketing.
- The data is being processed unlawfully.
- The data is used to offer information services and you are a child.
Need Data Protection and GDPR training?
We offer an online Data Protection and the GDPR Course that gives an overview of the purpose and scope of GDPR principles. The course also describes how the regulations protect personal data and how they affect organisations and individuals.
If you have any questions about our online GDPR course, please don’t hesitate to contact our friendly support team support@i2comply.com.