GDPR Explained

Date: 5th March 2018
Author: Colin Walker

On 25 May 2018 a new EU regulation will come into effect, called the General Data Protection Regulation (GDPR). It adds to legislation already covered by the Data Protection Act by adding new rights for individuals and introducing new data protection obligations on organisations.

Any data that is processed by organisations is subject to a number of restrictions and organisations will need to clearly define their legal basis for processing that data. These include:

  • Consent – consent has to be freely given by the data subject. It must be informed, unambiguous and specific. A processor cannot use consent given for one specific action to process another. You can also withdraw your consent to have your data processed at any time.
  • Necessary for the performance of a contract –your employer needs to process your data in order to pay you for the work that you do, for example.
  • Legitimate interest –as an example if you apply for a job through an agency, it is in your legitimate interest and theirs for them to process your application. This interest is still overridden by the fundamental rights and interests of the individual.

You also have rights regarding your data including:

  • The right to object – you can object to the processing of your data where that processing is based on public interest, legitimate interest or the exercise of official authority.
  • Rights regarding automatic decision making and profiling – you have the right not to be subject to a decision based solely on automated processing, including profiling.
  • The right to correct errors or incomplete data – you have the right to make sure information held about you is correct and complete.
  • The right to withdraw consent – if you have given consent to have your data processed, you can withdraw that consent.
  • The right to be informed – companies will tell you what data they collect and what they do with it. New policies will be appearing on websites etc.
  • The right to data portability – you can retrieve your data in order to give it to a third party
  • The right to erasure – if you withdraw your consent for processing or the data is no longer necessary for the reason it was collected you have the right to ask for it to be erased. However this is not an absolute right and only applies in certain circumstances.

The GDPR makes organisations much more accountable for the information that they store, how they store and process it and also how long they keep it. For more information click here.

< Back to all Blog posts

Why not get in touch today

Whether you are ready to take the next step, have an initial enquiry or simply want some general advice, get in touch today to see how we can help