What the ‘rights’ are under GDPR
What rights do customers and staff have?
All data subjects have ‘rights’ under GDPR, to include staff and clients. The GDPR provides the following rights for individuals:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- Rights in relation to automated decision making and profiling
Data subject consent?
This is clearly defined by GDPR, what the data subjects wishes are in processing their data.
What is a freedom of information request?
Under the GDPR, individuals will have the right to obtain:
- confirmation that their data is being processed;
- access to their personal data; and
- other supplementary information – this largely corresponds to the information that should be provided in a privacy notice
You must provide a copy of the information free of charge. However, you can charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.
You may also charge a reasonable fee to comply with requests for further copies of the same information. This does not mean that you can charge for all subsequent access requests.
In order to provide the information you must verify the identity of the person making the request, using “reasonable means”. If the request is made electronically, you should provide the information in a commonly used electronic format.