
Your plain English guide to GDPR: Part two of our mini series


PART TWO: Consumer rights and data breaches

Familiarise yourself with your customers’ rights

Under GDPR, your customers are given comprehensive rights that can be enforced in relation to the collection, processing or storing of their data.

These rights will limit how you handle customer data. So you will need to put procedures in place to ensure that you can both adhere to and service their requirements.

These rights are as follows (in plain English):

To be informed: Your customers have the right to be provided with information about how their data is processed and the reasons for processing. This type of information should be visible within your Privacy Policy.

To be given access: Your customers have a right to see what data your business holds about them.

If they issue a request to see the data, you need to be aware that – in most cases – you will not be able to charge for the service.

You will have one month to comply with any request, unless it is complex, in which case you can be granted an extension.

Remember to put internal security measures in place when releasing any sensitive data.

If a contact asks you to provide them with data, it would not be deemed unreasonable to request that they come into the office and present suitable identification to you.

This would certainly demonstrate that you are protecting your customers’ and businesses’ best interests.

Again, if this is going to be part of your data protection policy, ensure that it is documented in your Privacy Policy so that customers are made aware of it.

The right to erasure – also known as the “right to be forgotten”: Individuals have the right to have their data removed from your database at any time, provided that they are not currently benefiting from any of your services and that you are not contractually obligated to store their data.

This right applies when:

  • The personal data is no longer needed for the purpose(s) that it was collected.
  • The individual withdraws consent.
  • The individual objects to the processing in cases where there is no overriding reason for continued processing.
  • The personal data was processed unlawfully.
  • The personal data must be erased to comply with a legal obligation.

To move, copy, or transfer: You need to be aware that your customers have the right to obtain and re-use their personal data for their own reasons across different services.

So you will need to ensure that you can service their requirements to move, copy, or transfer their data easily and securely from one IT environment to another.

To be able to rectify or change: Your customers can have their personal data rectified if it is inaccurate or incomplete.

To restrict processing: Your customers have a right to ‘block’ or suppress processing of personal data.

Can you handle a data breach?

To prepare your business for breach reporting, your team needs to understand what constitutes a data breach, and recognise that this is more than a case of lost personal data.

A data breach encompasses destruction, loss, unauthorised alteration, and unauthorised disclosure of – or access to – personal data.

To comply with GDPR, your business needs to implement procedures to detect, report and investigate data breaches.

The Information Commissioner’s Office (ICO) must be informed of all data breaches in which there is a high risk to the individual’s rights and freedoms.

A notifiable breach must be reported to the relevant supervisory authority within 72 hours of the organisation becoming aware of it, and the individual should be informed.

Failure to report a data breach could result in a fine of €10m or 2% of turnover.

Richard Combellack is chief commercial officer at BriefYourMarket. https://www.briefyourmarket.com/

Disclaimer: BriefYourMarket.com is not a legal or regulatory body. This article is for informative purposes only. To understand your position in relation to the GDPR, please consult a/your legal advice organisation.
