Reaching full compliance can be tough. But there are 4 areas where it’s extra important to be properly prepared. We are writing about these in a series of blog posts. In this third one, you will learn more about data subjects rights management.
The right to know
A data subject is an individual to whom particular personal data relates. One of the key objectives of GDPR is to ensure the privacy and protection of the personal data of data subjects (for you, and all the individuals connected to your organization). To assure data subjects of the protection and privacy of their data, GDPR gives them certain rights. They can make a specific request and ask you to assure them that you don’t use their personal data for anything other than the purpose for which it was originally provided.
Data subjects have the right to be informed about what data you hold about them. They also have the right to be forgotten.
To be GDPR-compliant, you must be able to provide information to your data subjects free of charge:
- at the time you collect their data
- in a transparent and easily accessible way
- with clear and accessible language (avoid complicated and technical phrasing)
Your data subjects have the right to access their personal data. If they ask, give them confirmation of whether you are processing their data, other supplementary information and a copy of the personal data that you are processing.
Data subjects rights management: handle with care…
It’s important that your organization is aware of the rights that data subjects have, and that all personal data processing has to be lawful and in line with data subject expectations. Customer-facing personnel and those responsible for employees should be aware of the rights of data subjects. They should know how to respond to, or expedite, their requests.
Inform data subjects about their rights under GDPR, as well as other applicable rules and regulations. You may want to include the information in your privacy notice. The privacy notice should be comprehensive and helpful, so the data subjects understand how their data is processed.
Transparency is best practice (period)
It’s not just about data subject rights, it’s about letting your customers and employees know you’re looking out for them. You should make it easy for data subjects to exercise their rights. Have routines in place to properly verify the identity of a data subject, without making it more complicated than necessary.
Keep track of what requests you receive and when. If the general information needed to respond to questions and concerns is easily accessible at all times, it will make you look even better in the eyes of the data subjects.
By being proactively transparent, and giving customized information per data subject category, you build better customer relationships and reduce the number of data subject requests.