GDPR – Data subjects’ rights

GDPR lists a range of customers’ or data subjects’ rights that must be adhered to. If you hold data on anyone, they can contact you and request the following actions.

The Right To View Data

Under GDPR, data subjects have the right to ask to view what data you store about them. If you have stored data in paper files, GDPR still applies and this may pose an obvious challenge. Also, whereas the Data Protection Act allowed businesses to ask for a nominal charge for subjects to see their data, under GDPR this will be free.

The Right To Be Forgotten

Your company / organisation must not hold data about a person for longer than is necessary, must not change the use of the data from the purpose for which it was originally collected (when consent was given for that specific purpose), and must delete any data about a subject at the request of that data subject.

This gives subjects the right to opt out completely, i.e. ‘the right to be forgotten’. GDPR does not, however, override all individual country / industry laws on this issue, e.g. banking laws where some of your details may need to be retained.

Article 12 of the GDPR specifies that a request for access or destruction of personal data must be free of charge, easy to make and must be fulfilled without ‘undue delay’ and at the latest within one month (although it is currently understood that this may take longer in some cases).

This is one important way in which GDPR differs from previous data laws, and puts control back in the hands of the data subject.

The Right To Withdraw Consent

Companies and organisations must provide an accessible way for data subjects to unsubscribe from / opt out of receiving online and offline communications that they have previously consented to. The company / organisation must comply with the request, and record when the request was made.

The Right of Portability

Your customers / data subjects will have a ‘right of portability’. This means that, under GDPR, a person can force a company to transfer all data that is stored about them to a competitor and that company cannot refuse. This could be particularly challenging for large companies.

The Right To Not Be Profiled

Customers can ask companies / organisations not to combine their personal details with (for example) their purchase history to enable profiling, which could take the form of, e.g., targeted advertising. This could have serious implications for some aspects of marketing, e.g. grocery retailing.