GDPR Factsheet – New and Enhanced Rights for Individuals

The General Data Protection Regulation (GDPR) is the most significant development in data protection law for more than two decades and will have far-reaching implications for businesses and organisations.

The GDPR’s aim to put individuals back in control of their data means businesses will need to look at every aspect of how they collect, manage and protect data.

New rights for individuals and requirements to respond and take appropriate action “without undue delay” will require organisations to ensure they have appropriate processes and resources in place.

Non-compliant data controllers and processors face significant fines and penalties after the GDPR comes into force in spring 2018.

Privacy Notices – Right to Information

The GDPR includes prescriptive rules on the information which organisations must provide to individuals before collecting personal data.

Organisations must include the following information within their Privacy Notices:

  • Purposes for collecting and processing personal data;
  • Legal basis for processing the data;
  • Details of any recipients of personal data they collect;
  • Contact details for the Data Protection Officer (where applicable);
  • Right of portability and how long the data will be stored;
  • Right to withdraw consent at any time whenever the processing is based on consent (where no other lawful basis for the processing exists);
  • Right for data subjects to request access to their data;
  • The existence of automated decision-making, including profiling, right of rectification or restriction of processing;
  • Right to lodge a complaint with a data protection supervisory authority (in the UK this would be the Information Commissioner’s Office while membership of
    the EU remains); and
  • Details of any transfers of personal data outside of the European Economic Area.

The Notice must also be concise and easily accessible, using clear and plain language that is tailored to the appropriate audience. For example, policies aimed at children must be drafted in a way that they can understand.

How does this impact your organisation?

Organisations will need to strike a balance between providing too much information and being too high level to ensure they meet the transparency requirements to demonstrate effective notice or consent.
