The latest news from Zinc Digital
GDPR is the new standard in Data Protection. When it comes into effect on 25th May 2018, every business in the EU will need to comply with a new set of guidelines that control and protect the data that’s used and collected on a daily basis.
One of the most important obligations you have as an organisation is the requirement to gain consent from your users. The critical words that have been added to this obligation are ‘unambiguous’ and ‘affirmative’ – this means that it is no longer acceptable for inaction or automation to be counted as consent. Your users need to actively opt in, with the ability to see exactly what they are agreeing to and how they can retract their consent if they change their mind.
This is one of the many rights of the individual that have been clarified and expanded to offer a higher level of protection under GDPR. Each addition gives your users the ability to control their data in a new way, which in turn gives you and your business an obligation to comply with this.
Beforehand, individuals could request access to their information, but it was often made difficult by organisations. Now, it must be provided for free and in a commonly used format. What’s more, if the request has been raised online, the data you provide must also be given in a digital format.
If you have collected inaccurate or missing data regarding a user, that individual has the right to have it corrected or completed. This is especially necessary if the data is misleading in any way. You may receive a request for rectification verbally or in writing, and must offer a response. If you believe the information is not inaccurate, you can refuse to rectify. Include evidence and point them towards the ICO if they would like to escalate the issue.
Often also referred to as the ‘Right To Be Forgotten’, this is not a new concept in Data Protection. Nevertheless, with GDPR the rules regarding this course of action have developed to make things easier on the user. Individuals can request complete erasure of the data that you hold on them in the event that it is no longer necessary for the original purpose, or if they want to retract consent. You are permitted to refuse a request for erasure in certain, very special, circumstances. This could be if you are complying with a legal obligation, operating as an official authority or in the public interest.
In some cases, there will be a legitimate need to retain the data you are collecting. In these cases, a user will have their requests for erasure rejected, but as an organisation you may still need to change the way you handle their data. This is restricted processing, in which you are permitted to store the data that you have, but not use it.
With this right, your users have the capability to transfer the data you hold to another IT environment, such as another provider of your service.
Individuals have the right to object to their data being processed for the purposes of scientific or historical research, for direct marketing, and by an official authority.
Zinc is a digital agency that offers support and services while implementing a gap analysis or internal review. We cannot advise on your individual needs, and do not accept responsibility for any non-compliance.
To talk about how we can help action the points raised in a gap analysis or internal review, call us today.