Rights of Individuals Under the GDPR
Tuesday, January 2, 2018
GDPR, EU, Data Protection
Print Mail Download i

The EU’s General Data Protection Regulation goes into effect on May 25, 2018. GDPR replaces the EU Data Protection Directive. GDPR can apply to US-based businesses even if they do not have offices or employees in the EU. It can also reach activities conducted outside the EU.

The Directive did not regulate US businesses unless the collection or processing occurred within the EU (e.g., if a US-based company had a data center in the EU). Now GDPR clearly has stronger extraterritorial reach than its predecessor.

Businesses collecting and using personal data should know their GDPR obligations. Violators of GDPR face steep penalties. Regulators can fine a company up to 20,000,000 euros or 4% of worldwide annual turnover, whichever is higher.

The GDPR provides enhanced rights for individuals. Below we summarize the general principles companies must follow when interacting with individuals and we identify the specific rights granted to individuals under the GDPR. We also suggest some practical steps to assist your company’s compliance with this portion of the GDPR.

General Principles

  1. Your information and communications with individuals must be concise, transparent, intelligible, accessible and in clear/plain language.

  2. Rights can be exercised free of charge, unless manifestly unfounded/ excessive.

  3. You must respond to requests and provide information promptly and, generally, within one month (exemptions may apply).

Individual Rights

Right of access to personal data. An individual has the right to access personal data held by an organization.

Right of rectification. An individual has the right to request the correction of personal data held by an organization to the extent that it is inaccurate or incomplete.

Right to data portability. An individual has the right (in certain circumstances) to obtain personal data in a format to allow them to transfer it from one organization to another.

Right to withdraw consent. An individual has the right to withdraw consent at any time, and the process to withdraw consent must be as easy as the process to give consent.

Right to object. An individual has the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). This right also applies to direct marketing and processing for purposes of scientific/historical research and statistics.

Right to restrict processing. An individual has the right (in certain circumstances) to “block” or suppress the processing of their personal data.

Right to object to automated decision making (including profiling). An individual has the right (in certain circumstances) to object to automated decisions (including profiling) based upon the processing of personal data and request human involvement.

Right to erasure/to be forgotten. An individual has the right (in certain circumstances) to request the deletion of personal data where there is no compelling reason for its continued processing.

Other rights: An individual has the right to: complain to the data protection regulator; judicial remedy against a controller/ processor; representation (by consumer bodies/watchdogs); and compensation from controller/processor.

Notification of rectification, erasure or restriction. If an individual asks you to erase personal data, restrict processing, or rectify incomplete or inaccurate personal data, you must notify any other organizations who you disclose the individual’s personal data to (unless this is impossible or involves disproportionate effort).

Practical Steps

  1. Review, create and/or update protocols for dealing with individual rights. Ask and answer questions such as: Can we respond to requests within a month? Will we need any assistance from our processors?

  2. Ensure existing and new internal systems (HR, IT, etc.) are designed to give effect to and comply with these rights. Ask and answer questions such as: Do we have the ability to correct data? What is the process if an individual requests a copy of their data?

  3. Review and update your existing communications with individuals. Ask and answer questions such as: Are our public facing policies (e.g., privacy policies) and communications concise, transparent, intelligible, accessible and in clear/plain language?

Copyright © 2024 Womble Bond Dickinson (US) LLP All Rights Reserved.

Current Legal Analysis

More from Womble Bond Dickinson (US) LLP

DEA Accepts HHS Recommendation to Reschedule Cannabis [Podcast]
by: Mason E. Freeman , Aulica Lin Monroe
USPTO Proposes New PTAB Practices in Latest Notice of Proposed Rulemaking
by: Alexander P. Wharton
United Nations Unanimously Adopts the First Resolution on Promoting Safe, Secure, and Trustworthy Artificial Intelligence
by: Seiko Okada, M.D., Ph.D. , Dr. Christian E. Mammen
Permitting Reform and Responsible Mining: Q&A with IRMA’s Kristi Disney Bruckner
by: Scot Anderson
What We Are Listening for in House Education and Workforce Hearing on Columbia University’s Response to Antisemitism
by: Kristina M. Moore , Joe D. Whitley
The EU Artificial Intelligence (Al) Act: A Pioneering Framework for AI Governance
by: G. David Carter , Katie Hyman CIPP/E, CIPP/US, CIPM
For All Patent/Trademark Practitioners: USPTO Provides Guidance for Use of AI in Preparing USPTO Submissions
by: Seiko Okada, M.D., Ph.D. , Samuel A. Savanich
Increasing Volume of Pro Se, Frequent Litigants, and Pre-Litigation Demands & Arbitration Claims in Financial Services Litigation and Compliance [Podcast]
by: Shelton Sterling Laney III , Tomio Narita
Lighting the Way: ITC Decides First Case Under the Interim ID Program, Holds Domestic Industry Cannot Be Shown with Aggregated Investments in Multiple Products Covered by Different Patents
by: Daniel M. Grigore , Andrew Beverina
Window Shade Bracket Design is Not Protectable Trade Dress
by: Jason M. Rockman , Jacob S. Wharton

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins