Ensuring that you can uphold and respond to your data subjects’ rights by establishing the correct structures and processes.
What are Data Subject Rights?
Rights are legal, social, or ethical principles of freedom or entitlement. Under the GDPR, Data Subject Rights (DSRs) are the fundamental rules and legal entitlements that individuals hold against the organisations that process their personal data.
The GDPR expands existing data subject rights provided in the Directive and the Data Protection Act, and creates several entirely new rights.
Should you care about DSRs?
The GDPR provides data subjects (customers, employees etc.) with rights which are enforceable against organisations that process their personal data. These rights may limit the ability of organisations to lawfully process data subjects’ personal data and can have a significant impact upon your organisation’s business model and operations.
All organisations that act as controllers are directly affected by the rights of data subjects and those that act as processors are affected to a lesser degree, but should still be aware of these rights.
How organisations manage DSRs will often be the first line of visibility for their customers, employees and service providers as to how seriously they are taking their legal obligations under the GDPR.
What does the GDPR require?
There are 9 GDPR articles that define data subject rights and set out further requirements for how these rights are managed and exercised.
The DSRs enforceable under the GDPR are:
- Notifications where personal data is collected directly by your organisation or from a 3rd party
- Access to personal data held by the organisation
- Rectification of inaccurate data
- Erasure (or ‘to be forgotten’)
- Restriction of processing
- Notification of the above 3 rights
- Data portability
- Automated decision-making including profiling
This service considers the DSRs in the broader context of the GDPR, as there are other articles which must be taken into account when delivering these rights.
DSR Review and Remediation
We’ve considered each DSR carefully and the supporting processes required. Our approach uses predefined processes to help understand your current DSR support and gaps that need to be addressed.
Our workshop-based approach:
- Reviews these rights and ensures you understand the business impact of each right
- Reviews their communication and content to ensure that they clearly state all necessary information
- Identifies whether effective processes, structures and systems are in place to enable your organisation to support these rights and the action you need to take to address any gaps.
We build on your existing processes where possible to reduce the overhead of GDPR implementation, providing an incremental and risk-based approach to your compliance obligations.