The General Data Protection Regulation (GDPR) significantly changes the way data is managed. As of May 25th 2018 individuals have a number of rights relating to their data as well as new obligations to be fulfilled where one or more of these rights are exercised.
The articles throughout this section aim to make this easier by explaining how you can fulfill your own obligations relating to these rights for any data held within the Risk & Compliance System.
If you are unfamiliar with these rights a good place to start is the guide prepared by the Information Commissioners Office (ICO) which can be found here.
Under GDPR individuals gain the following rights which you may need to comply with:
1. Right to Access
The right of access, or subject access, provides individuals (the data subject) a right to obtain a copy of their personal data and supplementary information. An individual may make such a request in writing or verbally and you have one month to respond to this request. In addition you can no longer charge a fee to fulfill such a request.
We have prepared a guide on how to search our system in order to action a right of access request which can be found here.
2. Right to Rectification
GDPR provides individuals with a right to have inaccruate/incomplete personal data updated and corrected. Much like the right to access, an individual may make such a request either in writing or verbally and you have one month to answer this request.
We have prepared a guide on how to amend data within our system in order to action a right of rectification request which can be found here.
3. The Right to Erasure
The Right to Erasure, also known as the ‘right to be forgotten’, provides individuals with the right to have their personal data erased. An individual, or data subject, can make this request verbally or in writing and you have one month to respond.
It is important to keep in mind that this right is not absolute. There circumstances where the right may not apply, either partially or in full, and the eligibility of the requesting individual to the data should also be considered.
Should you need to erase data from our system to comply with a request under this right we have prepared two guides:
We have prepared a guide on how to delete data from our system in order to action a right of erasure request which can be found here.
4. The Right to Data Portability
This provides individuals with the right to obtain and reuse their personal data. Under this right you should be able to provide the requesting individual with their relevant data in a structured, commonly used and machine readable format (for example documents in Excel, Word or PDF formats).
We have prepared a guide on how extract data from our system in order to action a right of portability request which can be found here.
We have a team of experts on hand to break down the regulation and offer guidance. You can find our dedicated GDPR page here or you'd like to speak with a member of the team, please call 01829 731 200 or email us at firstname.lastname@example.org.