Many organisations, both public and private, hold information about you. This information could be anything from your name, address and date of birth to your bank account details. What’s more, as technology evolves, the ways in which organisations can collect and store data about you are increasing rapidly.
As data controllers, organisations are responsible for ensuring that your data is handled in accordance with the GDPR. As an individual, you have the right to know what information is held about you and how it is used.
This article will explain your rights under the General Data Protection Regulation (GDPR).
What Is GDPR?
The General Data Protection Regulation (GDPR) is the most challenging privacy and security law in the world. Even though it was written and enacted by the European Union (EU), it imposes obligations on organisations anywhere, as long as they target or collect data relating to people in the EU.
The regulation went into effect on May 25, 2018. The GDPR imposes heavy fines on those who violate its privacy and security standards, with penalties reaching tens of millions of euros. The GDPR was created to protect the rights of individuals, even though it may have more significant impacts on those who process and control data.
The legislation provides eight rights, such as giving people easier access to the data companies hold about them or permitting deletion under specific scenarios. The Data Protection Commission (DPC) is responsible for upholding the fundamental right of individuals in the European Union to have their personal data protected.
How Can GDPR Help Individuals?
The GDPR is there to protect individuals and their data. It sets out rules for organisations on how they can collect and use personal information, as well as the rights that individuals have with regard to their data.
By understanding these rights, you can ensure that your data is only used appropriately and securely. In addition, if you believe your data has been mishandled, you can use the GDPR to hold organisations accountable.
The lawful reasons for processing personal data are stated in Article 6 of the GDPR. Under the GDPR, you have the following rights:
1. The right to be informed
You have the right to be informed about how your data is used. This includes the right to know why and how it’s being collected, who has access to it, and for what purpose. This right is typically fulfilled through data privacy policies.
2. The right to access
You have the right to request a copy of any information held about you by an organisation at any time. You can do this through a Subject Access Request (SAR). The access will usually be provided electronically and should include details such as the source, who has access, and how long it will be stored.
3. The right to rectification
If you believe that information held about you is inaccurate or incomplete, you have the right to ask for it to be corrected or completed. Rectification requests should be made in writing, and the data controller must respond within one month.
4. The right to erasure
Under certain circumstances, you have the right to request that all sensitive personal data associated with you be removed. This is known as the right to be forgotten. This can include data that is no longer necessary for the purpose it was collected.
5. The right to restrict processing
You have the right to request that an organisation stops using your data in specific ways while it is still stored. For example, this could mean it stops using your data for marketing purposes or research. Organisations can still store the data in a fair and legal way, but not use it.
6. The right to data portability
You have the right to request a copy of your data in a commonly used, machine-readable format. This allows you to transfer or ‘port’ your data from one organisation’s IT systems to another.
7. The right to object
Under certain circumstances, you have the right to object to how your data is used. This could include objecting to processing based on legitimate interests or direct marketing.
8. Rights around automated decision-making and profiling
Under GDPR data protection laws, you have the right not to be subject to decisions made solely based on the automated processing of your data. This means organisations cannot make decisions about you without human intervention, such as granting or denying a loan or insurance policy.
These rights are designed to give individuals better control over their data and how it is used. They also oblige organisations to ensure that data is handled responsibly and securely.
What Data Does GDPR Protect?
The GDPR data protection legislation applies to all personal data processed by private individuals or organisations. This could include:
• Name and address
• Date of birth
• IP addresses
• Financial information
• Employment history
• Health records
• Biometric data (e.g. fingerprint scans)
It also applies to any information that can be used to identify a person, either directly or indirectly. This means that the GDPR also covers data such as online identifiers (e.g. usernames and passwords). Only personal data that is deemed “necessary” for a task can be collected and stored. Any data that is not necessary should be removed from the system.
Fines And Penalties For Noncompliance
If an organisation becomes noncompliant or experiences a data breach, its penalties can be harsh. Various factors are considered to decide what punishments are appropriate, such as how severe the breach was, how long it lasted, how many people were impacted by it and how much damage resulted from it.
Penalties can range from a warning to the highest possible fine of €20 million or 4% of an organisation’s annual global turnover, whichever is higher.
Organisations must also report any data breaches to local supervisory authorities as quickly as possible and should take steps to ensure that similar incidents do not occur in the future.
Ultimately, the GDPR serves as a reminder of the importance of data privacy and protection. By understanding your rights and ensuring organisations comply with these rules, you can help protect yourself and others.
For individuals and organisations alike, this is essential in keeping data secure and ensuring that people's trust in you remains intact. GDPR compliance is not only a legal requirement; it's also a moral obligation.
To find out what a GDPR solicitor does and how we can help you, visit https://www.mycase.ie/gdpr-solicitor