GDPR Factsheet – New and Enhanced Rights for Individuals
27th March 2017
The General Data Protection Regulation (GDPR) is the most significant development in data protection law for more than two decades and will have far-reaching implications for businesses and organisations.
The GDPR’s aim to put individuals back in control of their data means businesses will need to look at every aspect of how they collect, manage and protect data.
New rights for individuals and requirements to respond and take appropriate action “without undue delay” will require organisations to ensure they have appropriate processes and resources in place.
Non-compliant data controllers and processors face significant fines and penalties after the GDPR comes into force in spring 2018.
Privacy Notices – Right to Information
The GDPR includes prescriptive rules on the information which organisations must provide to individuals before collecting personal data.
Organisations must include the following information within their Privacy Notices:
Purposes for collecting and processing personal data;
Legal basis for processing the data;
Details of any recipients of personal data they collect;
Contact details for the Data Protection Officer (where applicable);
Right of portability and how long the data will be stored;
Right to withdraw consent at any time whenever the processing is based on consent (where no other lawful basis for the processing exists);
Right for data subjects to request access to their data;
The existence of automated decision-making, including profiling, right of rectification or restriction of processing;
Right to lodge a complaint with a data protection supervisory authority (in the UK this would be the Information Commissioner’s Office while membership of the EU remains); and
Details of any transfers of personal data outside of the European Economic Area.
The Notice must also be concise and easily accessible, using clear and plain language that is tailored to the appropriate audience. For example, policies aimed at children must be drafted in a way that they can understand.
How does this impact your organisation?
Organisations will need to strike a balance between providing too much information and being too high-level, to ensure they meet the transparency requirements to demonstrate effective notice or consent.