Embed Size (px)
Citation preview
Individual rights under GDPR – Roundtable
Andrew Rose, Senior Policy Officer, ICO
LeedsJanuary 2017
Individual rights• The right to be informed (Arts 13-14)
• The existence of automated decisions• Information on the data subject’s right to
withdraw consent• Name of DC’s data protection officer• Information on retention periods• The safeguards the DC applies to
international transfers
Does not apply where used for compliance with a legal obligation or atask carried out in the public interest or in the exercise of official authority
• The right to erasure (Art 17)
Individual rights• Rights in relation to automated decision
making and profiling.(Art 22)Individuals have a right not to be subject to a decision where that decision is based on automated
processing and it produces a legal effect or similarly significant effect on
the individual.
• The right to object (Art 21) where: - • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);• processing for purposes of scientific/historical research and statistics. • direct marketing (including profiling);
Individual rights• The right to rectification (Art 16)You must inform other organisations you have disclosed it to about the rectification where possible, andinform the data subject who they are (where appropriate)
If not complying – must tell the data subject why not and of their right to: -• complain to the supervisory authority• seek judicial remedy
• The right to data portability (Art 20)
Individual rights• The right to restrict processing (Arts 18 & 19)
• If the data subject has exercised their general right to object to processing.
• If the data subject has contested the accuracy of the information.
• If the data controller doesn't need the data anymore but the data subject requires it for legal claims.
• If the processing is unlawful but the data subject prefers restriction to erasure.
• The right of access (Art 15) • Similar information to be provided as
for DPA section 7• Generally no fee• Respond within a month unless high
volume or complex
Individual rights• The right to lodge a complaint against the
supervisory authority (Art 77)
• Right to an effective judicial remedy against a supervisory authority (Art 78)
• Right to an effective judicial remedy against a controller or processor (Art 79)
• Right to compensation and liability (Art 82)
