GDPR Factsheet – New and Enhanced Rights for IndividualsThe General Data Protection Regulation (GDPR) is the most significant development in data protection law for more than two decades and will have far-reaching implications for businesses and organisations.

The GDPR’s aim to put individuals back in control of their data means businesses will need to look at every aspect of how they collect, manage and protect data.

New rights for individuals and requirements to respond and take appropriate action “without undue delay” will require organisations to ensure they have appropriate processes and resources in place.

Non-compliant data controllers and processors face significant fines and penalties after the GDPR comes into force in spring 2018.

Privacy Notices – Right to Information

The GDPR includes prescriptive rules on the information which organisations must provide to individuals before collecting personal data.

Organisations must include the following information within their Privacy Notices:

  • Purposes for collecting and processing personal data;
  • Legal basis for processing the data;
    Details of any recipients of personal data they collect;
  • Contact details for the Data Protection Officer (where applicable);
  • Right of portability and how long the data will be stored;
  • Right to withdraw consent at any time whenever the processing is based on consent (where no other lawful basis for the processing exists);
  • Right for data subjects to request access to their data;
  • The existence of automated decision-making, including profiling, right of rectification or restriction of processing;
  • Right to lodge a complaint with a data protection supervisory authority (in the UK this would be the Information Commissioner’s Office while membership of
    the EU remains); and
  • Details of any transfers of personal data outside of the European Economic Area.

The Notice must also be concise, easily accessible, using clear and plain language that is tailored to the appropriate audience. For example, policies aimed at children must be drafted in a way that they can understand.

How does this impact your organisation?

Organisations will need to strike a balance between providing too much information and being too high level to ensure they meet the transparency requirements to demonstrate effective notice or consent.

To read our thought leadership paper please complete the form below*:



*Problems with downloading? Email requesting the TLP, and we will send you a copy!


Our Latest Insights.

Our work means different things to different clients and we wanted to share some details of the projects we have managed to give you an insight into our capabilities and the impact we have delivered as a business.


View All Insights

Say Hi.

Did you like what you read? Did you want to find out more about the subject? Or did you simply want to get in touch with us? Either way if you would like to get in touch with us you can do so using the form on the right.

Gemserv will use your details to get in touch with you and to send you information about our products and services that you have requested, in accordance with our privacy policy. You can, of course, opt out of these communications at any time!

Get In Touch

Want to find out more?

Follow the links below find out more about the services we provide, our insight into the industries we serve or the opportunities available with us.
Sectors Capabilities Our Insights Careers