This is the fourth in a series of 12 posts with some advice from the ICO on how to start preparing for the advent of the GDPR in May 2018.
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
The main rights for individuals under the GDPR will be:
- subject access
- to have inaccuracies corrected
- to have information erased
- to prevent direct marketing
- to prevent automated decision-making and profiling
- data portability.
On the whole, the rights individuals will enjoy under the GDPR are the same as those under the DPA but with some significant enhancements. If you are geared up to give individuals their rights now, then the transition to the GDPR should be relatively easy. This is a good time to check your procedures and to work out how you would react if someone asks to have their personal data deleted, for example. Would your systems help you to locate and delete the data? Who will make the decisions about deletion?
The right to data portability is new. This is an enhanced form of subject access where you have to provide the data electronically and in a commonly used format. Many organisations will already provide the data in this way, but if you use paper print-outs or an unusual electronic format, now is a good time to revise your procedures and make any necessary changes.
For more details, go to the Information Commissioner's Office.
Source: ICO – Preparing for the General Data Protection Regulation