Child pages
  • GDPR Guidance and Interpretation

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

from Customer Commons and Kantara CISWG

 

 



Assumption – We are building a website/ wiki that can stand on its own within CustomerCommons.org (and a Kantara site should Kantara agree) as guidance to individuals, and also act as a reference that others can build on. Our objective is it maximize the positive impact of GDPR for individuals.

 


References

 


http://www.eugdpr.org/ (the official site) 

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/

http://www.gdprwiki.com/

 

 


INTRO

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years - we're here to make sure you're prepared.

...

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. The key things you as an individual need to know about the GDPR are below.

Scope

Definitions

 

An Individuals Rights/ Your Rights Under GDPR

1)   Right to access dataThe right to be informed

What this means (guidance for organisations):

The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice. It emphasises the need for transparency over how you use personal data.

What this means (guidance for individuals):

Examples

2)    Right The right to erasureaccess

What this means (guidance for organisations)

Under the GDPR, individuals will have the right to obtain:

  • confirmation that their data is being processed;
  • access to their personal data; and
  • other supplementary information – this largely corresponds to the information that should be provided in a privacy notice (see Article 15).

These are similar to existing subject access rights under the DPA.

What this means (guidance for individuals):

Examples

3)   Right The right to portabilityrectification

What this means (guidance for organisations):

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.

Examples

4)   Right to rectificationThe right of Erasure

What this means (guidance for organisations):

What this means (guidance for individuals):

Examples

5)   Right The right to restrict processing

What this means (guidance for organisations):

Under the DPA, individuals have a right to ‘block’ or suppress processing of personal data. The restriction of processing under the GDPR is similar.

When processing is restricted, you are permitted to store the personal data, but not further process it. You can retain just enough information about the individual to ensure that the restriction is respected in future.

What this means (guidance for individuals):

Examples

6)   Right The right to be informedportability

What this means (guidance for organisations):

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

What this means (guidance for individuals):

Examples

7)   Right The right to object

What this means (guidance for organisations):

Individuals have the right to object to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • direct marketing (including profiling); and
  • processing for purposes of scientific/historical research and statistics.

What this means (guidance for individuals):

Examples

8) Rights related to automated decision making and profiling

What this means (guidance for organisations):

The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention. These rights work in a similar way to existing rights under the DPA.

Identify whether any of your processing operations constitute automated decision making and consider whether you need to update your procedures to deal with the requirements of the GDPR.

What this means (guidance for individuals):

Examples

Other Relevant Aspects of GDPR

 


Breach Notification

 


Forward Looking Scenarios