The General Data Protection Regulation (GDPR) gives the residents and the citizens, control over their personal data which is, otherwise, being exploited by the companies. This means that consumers now have the right to know when their data is hacked and the companies need to alert the concerned authorities as soon as they are aware of any kind of data misuse.
This means that the companies have to be very careful about how they process the consumer data According to the GDPR, the controllers will have to make sure that the consumer’s personal data is processed with utmost care and lawfully. Also, the process has to be transparent and must be towards the fulfillment of some specific purpose. In simple words, people should understand what their data is being used for, and how it is being done.
What is ‘lawful’ usage of data under GDPR?
‘Lawful’ usage of data can mean many things depending on the terms to which the consumer has agreed. For instance, in some cases, it can mean that the subject has given the consent to process their data. However, it can also mean compliance with some contract or legal obligation; if the certain process is in public interest; protection of an interest that is ‘essential for the life of’ the subject; or if doing so fulfills the controller’s legitimate interest like prevention of a fraud. For processing of data, any one of the above justifications must apply.
What is considered as consent?
Under the GDPR, consent is an active and affirmative action by the subject in question and not just some passive acceptance like a few existing models that have pre-ticked boxes or opt-outs. The controller is required to keep a record of when and how did an individual give consent.
Consumers have the right to withdraw their consent whenever they wish to. Organizations need to make sure that their current model for obtaining consent should abide by the current GDPR rules.
What counts as personal data?
The definition of personal data under the GDPR has been expanded to include online identifiers like IP address, and genetic data and biometric data other than name, address, and other economic, cultural or mental health information. Any data that was considered personal under the Data Protection Act is also identified as personal data under the GDPR.
When can people access their data stored by organizations?
GDPR outlines rules under which the people have the right to access their data at some intervals which are reasonable for the organization. The controllers have a month’s time to meet such requests. The legislation requires the controllers and processors to make it clear to the people how they collect and use the data, and how they process it.
It is required under the legislation to give all the said information to the people in plain language in order to give them information clearly and coherently. People have the right to ask any questions regarding their data like what is data being used for, who can see it, how long it is stored for, etc. Further, they can ask controllers to rectify the incorrect or incomplete data whenever they want.
Also, they may ask for their data to be deleted when it is not relevant anymore. It is the responsibility of the controller to get the same data deleted from other links that have the copies of it. If the consumer wishes to transfer their data elsewhere, the controller has to allow the process smoothly and will have to make the data available to the consumer in some common open format like CSV.
At MarkSpace Media, we are doing our best to comply with the rules and regulations as stipulated by the GDPR. Your consent is important to us and we make sure that we don’t miss it. If we need to make calls to you, we ensure that we don’t disrupt your schedule and are always open to rescheduling the call as per your availability. We value the information that you give us and we do our best to keep it secure. If you don’t want us to reach out to you, we will happily accept that and do the needful.