In the website gdprandyou.ie, they talk generally about what individuals and organisations need to go through and know with respect to the new data protection regulation that is due to go live in May this year.
This article summarises what individuals i.e. data subjects need to be aware of.
The new law will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by organisations.
Personal data is any information that can identify an individual person. This includes a name, an ID number, location data or an address, online browsing history, images or anything relating to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
Under the GDPR individuals have the significantly strengthened rights to do the following:
- Obtain details about how their data is processed by an organisation or business
- Obtain copies of personal data that an organisation holds on them
- Have incorrect or incomplete data corrected
- Have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data
- Obtain their data from an organisation and to have that data transmitted to another organisation
- Object to the processing of their data by an organisation
- Not to be subject to automated decision making
- Not to be subject to profiling
Organisations must always be fully transparent to individuals about how they are using and safeguarding personal data, including by providing this information in easily accessible, concise, easy to understand and in clear language.
For organisations and businesses who breach the law, the Data Protection Commissioner (DPC) is being given more robust powers to impose very substantial sanctions including the power to impose fines. Under the new law, the DPC will be able to fine organisations up to € 10 and €20 million (2% or 4% of total global turnover) for serious infringements.
The GDPR will also permit individuals to seek compensation through the courts for breaches of their data privacy rights, including in circumstances where no material damage or financial loss has been suffered.