In December 2018, Matthieu Blanc – Ex – VP Product for Zeenea – asked himself: “How will the GDPR change the Big Data world?” In this series of articles, we focus on the legal aspects explained during his conference at XebiCon’17.
Do you comply with the principles of processing personal data? 2/3
Do you guarantee the rights of the persons concerned? 3/3
One of the main objectives of the GDPR is to strengthen the rights of individuals
European residents have 8 new rights:
1) Right to be informed (Art. 13 & 14)
When data is collected from a physical person, several pieces of information must be communicated to them. These include the purpose of the treatment or the rights the enterprise has relative to them. It is important that privacy and data protection policies are easily accessible and updated. A link to the privacy policy must be provided whenever data is collected from registration forms online for example.
2) Right of access (Art. 15)
Exercising your right of access allows you to check the accuracy of your data and, if necessary, have it corrected or erased. For example, you can request your information to the person in charge of your file, and they are obligated to give you all of the information they have on you.
3) Right of rectification (Art. 16)
The right of rectification completes the right of access. A person may request that their inaccurate data are rectified, or incomplete to be completed. It prevents an organization from processing or spreading false information about you.
4) Right to data portability (Art. 20)
This is a new right. The right to portability gives people the ability to retrieve some of their data in an open, readable format. They can store or transmit them easily from one information system to another, for reuse for their personal purposes. This may be the case with telecom operators for example.
5) Right to object (Art. 21)
Anyone has the opportunity to object, for legitimate reasons, to a file. They may also refuse, without having to justify themselves, that their data be used for commercial prospecting purposes.
6) Right to erasure – Right to be forgotten (Art. 17)
A person has the right to demand, as soon as possible, the deletion of their data, when:
the person has withdrawn consent to the treatment,
the person objects to the treatment,
their data are no longer necessary for the purposes of the treatment,
their data has been subject to unlawful processing,
their data must be erased under legal obligation, except in certain cases.
If the person responsible makes their data public, he or she will have to inform the other data regulators who process it that the data must be erased and not reproduced.
7) Right to restriction of processing (Art. 18)
A person has the right to obtain the limitation of processing when they have objected to it, when they dispute the accuracy of the data, when their treatment is unlawful, or when they need it for finding, exercising or defending their rights in court.
8) Automated individual decision-making, including profiling (Art. 22)
A person has the right not to be the subject of a decision based exclusively on automated processing, including profiling, producing legal effects concerning or affecting them, except where that decision is necessary for the conclusion or performance of a contract, is lawfully authorized, or is based on their consent.
