The EU General Data Protection Regulation isn’t just about protecting sensitive information against hackers and leaks. The GDPR says just as much about data privacy. Here’s what businesses need to know about data privacy in the GDPR.

For organizations subject to the GDPR, there are two broad categories of compliance you need to understand: data protection and data privacy. Data protection means keeping data safe from unauthorized access. Data privacy means empowering your users to make their own decisions about who can process their data and for what purpose.

Below is a summary of the GDPR data privacy requirements. It may be helpful to first check out our GDPR overview to understand the GDPR’s general structure and some of its key terms.

GDPR data privacy

Chapter 3 of the GDPR lays out the data privacy rights and principles that all “natural persons” are guaranteed under EU law. As an organization, you are obligated to facilitate these rights. Failure to do so can result in penalties (see “GDPR fines”). Here’s a very basic summary of each of the articles under Chapter 3.

Article 12 - Transparency and communication

You have to explain how you process data in “a concise, transparent, intelligible and easily accessible form, using clear and plain language” (see “privacy notice”). You must also make it easy for people to make requests to you (e.g., a right to erasure request, etc.) and respond to those requests quickly and adequately.

Articles 13 & 14 - When collecting personal data

At the moment you collect personal data from a user, you need to communicate specific information to them. If you don’t collect the information directly from the user, you are still required to provide them with similar information. These articles list the exact information you have to provide.

Data subjects have the right to know certain information about the processing activities of a data controller. This information includes the source of their personal data, the purpose of processing, and the length of time the data will be held, among other items. Most importantly, they have a right to be provided with the personal data of theirs that you’re processing.

The accuracy of the data you process is only tangentially an aspect of data privacy, but people have a right to correct inaccurate or incomplete personal data that you are processing.

Also known as the “right to be forgotten,” data subjects have the right to request that you delete any information about them that you have. There are five exemptions to this right, including when processing their data is necessary to exercise your right to freedom of expression. You must make it simple for data subjects to file right to erasure requests. You can find a template for such requests here.

Article 18 - Right to restrict processing

Short of asking you to erase their data, data subjects can request that you temporarily change the way you process their data (such as removing it temporarily from your website) if they believe the information is inaccurate, is being used illegally, or is no longer needed by the controller for the purposes claimed. The data subject has the right to simply object to your processing of their data as well. Also important to note: If you decide to take any action related to Articles 16, 17, or 18, then Article 19 requires you to notify the data subject.

Remember that data privacy is the measure of control that people have over who can access their personal information. In line with this principle, the GDPR contains a novel data privacy requirement known as data portability. Basically, you have to store your users’ personal data in a format that can be easily shared with others and understood. Moreover, if someone asks you to send their data to a designated third party, you have to do it (if technically feasible), even if it’s one of your competitors.

Data subjects have the right to object to you processing their data. You can only override their objection by demonstrating the legitimate basis for using their data.

As you can see, the data privacy principles of the GDPR are fairly straightforward. The law asks you to make a good faith effort to give people the means to control how their data is used and who has access to it. To facilitate this, you must transparently and openly provide them with the information they need to understand how their data is collected and used.