6 Privacy Rights that Underpin the GDPR
Beginning May 2018, the General Data Protection Regulation (GDPR) will be in force. The European Union regulation enforces new administrative and legal responsibilities for organizations. But we should never forget the reason: to ensure the rights of citizens to have control over their personal information.
6 Privacy Rights
The goal of the GDPR is to give European citizens more control over their own private information in a digitized world of smartphones, social media, internet banking, and global transfers. The GDPR assigns the following 6 rights to them:
- The right of a person to be informed when personal data relating to him is gathered. Further, the person has the right to know the reason for this.
- The right of inspection. The person is allowed to see which data about her an organization has stored.
- The right to obtain the erasure of personal data (the right to be forgotten). On this hot topic, please see the next paragraph.
- The right to processing restrictions. A person can contest the use of inaccurate data or data that is no longer needed for the purpose of the processing.
- A person's right to have his personal data transferred to other data processors. He has the right to have his data transmitted directly from one controller to another.
- The right not to be subject to a decision based solely on automated processing, including profiling. This right seems to be far-reaching because many business decisions are based on among other things such as ZIP-codes (banking loans). But the word “solely” and the many exceptions in the legal text, lead to another conclusion. It is doubtful this right is really enforceable.
Any breach of these rights qualifies for sanctions. It is therefore essential to set up procedures for complying with these principles and rights. You must be able to demonstrate these procedures.
The Right to be Forgotten
The previously mentioned “right to be forgotten” needs some clarification. When an individual no longer wants his data to be processed and provided that there are no legitimate grounds for retaining it, the data will be deleted.
When applied to the Internet, this right is controversial. Wikipedia co-founder Jimmy Wales described the EU's Right to be Forgotten as deeply immoral. He warned the ruling would result in an Internet riddled with "memory holes."
It should be clear; this right is about protecting the privacy of the non-public individual, not about erasing past events or restricting freedom of the press. Freedom of expression, as well as historical and scientific research, are safeguarded. For example, no politician will be able to delete their remarks from the World Wide Web. This will allow news websites to continue operating as they have before.
More Information about the GDPR
The white paper “Data Protection – Compliance is a Top-Level Sport” gives advice about GDPR compliance. It is written by Renate Verheijen, Legal & HR Counsel at Madison Gurkha. She maps out the consequences of the GDPR and guides you through the tests and trials that lie ahead.
Furthermore, the EXIN Privacy & Data Protection Program covers the required knowledge of regulations relating to data protection. It will certify professionals with the required level of knowledge to face these challenges and opportunities.
The program expands your portfolio with a subject in high demand. This certification will strengthen your career opportunities and credibility in your field. Both you and your employer will reap the benefits!