GDPR lists a range of customers’ or data subjects’ rights that must be adhered to. If you hold data on anyone, they can contact you and request the following actions.
Under GDPR, data subjects have the right to ask to view what data you store about them. If you have stored data in paper files, GDPR still applies and this may pose an obvious challenge. Also, whereas the Data Protection Act allowed businesses to ask for a nominal charge for subjects to see their data, under GDPR this will be free.
Your company / organisation must not hold data about a person for longer than is necessary, must not change the use of the data from the purpose for which it was originally collected (when consent was given for that specific purpose), and must delete any data about a subject at the request of that data subject.
This gives subjects the right to opt out completely, i.e. ‘the right to be forgotten’. GDPR does not, however, override all individual country / industry laws on this issue, e.g. banking laws under which some of your details may need to be retained.
Article 12 of the GDPR specifies that a request for access or destruction of personal data must be free of charge, easy to make and must be fulfilled without ‘undue delay’ and at the latest within one month (although it is currently understood that this may take longer in some cases).
This is one important way in which GDPR differs from previous data laws, and puts control back in the hands of the data subject.
Companies and organisations must provide an accessible way for data subjects to unsubscribe from / opt out of receiving online and offline communications that they have previously consented to. The company / organisation must comply with the request, and record when the request was made.
Your customers / data subjects will have a ‘right of portability’. This means that, under GDPR, a person can force a company to transfer all data that is stored about them to a competitor and that company cannot refuse. This could be particularly challenging for large companies.
Customers can ask companies / organisations not to combine their personal details with (for example) their purchase history to enable profiling, which could take the form of, e.g., targeted advertising. This could have serious implications for some aspects of marketing, e.g. grocery retailing.