GDPR Compliance Journey - 11 Rights

Gydeline

17 May 201804:36

Summary

TLDRIn this informative video, Mike Savile discusses the pivotal aspect of GDPR focusing on individual rights concerning their data. He outlines a three-step approach: informing individuals of their rights, enabling them to exercise these rights through various communication channels, and establishing a support process to handle requests efficiently. The video emphasizes the importance of transparency and simplicity in privacy notices and the creation of a user-friendly subject access request form to facilitate compliance with GDPR regulations.

Takeaways

📜 The General Data Protection Regulation (GDPR) is centered around giving individuals more rights regarding their data.
🗣️ Mike Savile introduces the topic of individual rights under GDPR, emphasizing the importance of understanding and implementing these rights correctly.
📝 The process of handling GDPR rights is broken down into three main steps: informing individuals of their rights, enabling them to exercise these rights, and having a support process for follow-up.
👤 The privacy notice on the guideline website is designed to be clear and transparent, listing the rights individuals have in plain English.
🔍 Individuals have the right to view the data held about them, request corrections, receive a copy, ask for deletion, object to data processing, and file complaints to supervisory authorities.
📧 There are multiple avenues for individuals to exercise their rights, including email, postal mail, contact forms, and a dedicated subject access request form.
📝 The subject access request form is a simplified method for individuals to specify their requests regarding information, such as obtaining a copy, requesting corrections, or deletion.
⏱️ The guideline company commits to responding to information requests within 24 hours and aims to complete the entire request process within 7 days.
📬 The support desk is equipped with processes to support the enablement of rights for individuals, ensuring a timely and appropriate response to requests.
🔒 The company is careful to explain to individuals how their information will be used and the format in which they will receive the requested information, including the option for a hard copy.
🔄 The video script concludes with a teaser for the next topic, which will be about data minimization, indicating a series of educational content on GDPR compliance.

Q & A

What is the main focus of the GDPR?
-The main focus of the GDPR is to give individuals more rights regarding what is done with their personal data.
What are the three steps mentioned in the script for handling GDPR rights?
-The three steps are: 1) Informing people about their rights, 2) Enabling them to exercise those rights, and 3) Having a process in place to support and follow-up on those requests.
How is the guideline privacy notice designed to be?
-The guideline privacy notice is designed to be clear, simple, and transparent, using plain English instead of GDPR jargon.
What rights are listed in the guideline privacy notice?
-The rights listed include the right to access, rectify, receive a copy of, delete, object to the processing of their data, and the right to complain to the supervisory authority.
What is the purpose of the subject access request form?
-The subject access request form is designed to deal specifically with information requests, making it easy for individuals to specify their requests related to their data.
How can individuals contact the guideline to exercise their rights?
-Individuals can contact the guideline by email, writing to the address provided on the website, using the contact form, or by phone.
What is the expected response time for initial contact regarding a data request?
-The initial response is expected within 24 hours of receiving the request.
What is the target time frame for completing the whole information request process?
-The ideal time frame for completing the whole information request process is within 7 days.
How is the format of the information provided to the individual specified in the script?
-The format of the information provided is specified as being able to be sent via email, with the option for a hard copy if requested.
What support processes are in place to enable the rights of individuals?
-The support desk processes are in place to support the enablement of rights for individuals, ensuring that requests are responded to in the right way.
What topic will be discussed in the next video of the series?
-The next video will discuss the topic of data minimization.