GDPR Compliance Journey - 11 Rights
Summary
TLDR: In this informative video, Mike Savile discusses the pivotal aspect of GDPR focusing on individual rights concerning their data. He outlines a three-step approach: informing individuals of their rights, enabling them to exercise these rights through various communication channels, and establishing a support process to handle requests efficiently. The video emphasizes the importance of transparency and simplicity in privacy notices and the creation of a user-friendly subject access request form to facilitate compliance with GDPR regulations.
Takeaways
- 📜 The General Data Protection Regulation (GDPR) is centered around giving individuals more rights regarding their data.
- 🗣️ Mike Savile introduces the topic of individual rights under GDPR, emphasizing the importance of understanding and implementing these rights correctly.
- 📝 The process of handling GDPR rights is broken down into three main steps: informing individuals of their rights, enabling them to exercise these rights, and having a support process for follow-up.
- 👤 The privacy notice on the Guideline website is designed to be clear and transparent, listing the rights individuals have in plain English.
- 🔍 Individuals have the right to view the data held about them, request corrections, receive a copy, ask for deletion, object to data processing, and file complaints to supervisory authorities.
- 📧 There are multiple avenues for individuals to exercise their rights, including email, postal mail, contact forms, and a dedicated subject access request form.
- 📝 The subject access request form is a simplified method for individuals to specify their requests regarding information, such as obtaining a copy, requesting corrections, or deletion.
- ⏱️ The Guideline company commits to responding to information requests within 24 hours and aims to complete the entire request process within 7 days.
- 📬 The support desk is equipped with processes to support the enablement of rights for individuals, ensuring a timely and appropriate response to requests.
- 🔒 The company is careful to explain to individuals how their information will be used and the format in which they will receive the requested information, including the option for a hard copy.
- 🔄 The video script concludes with a teaser for the next topic, which will be about data minimization, indicating a series of educational content on GDPR compliance.
Q & A
What is the main focus of the GDPR?
-The main focus of the GDPR is to give individuals more rights regarding what is done with their personal data.
What are the three steps mentioned in the script for handling GDPR rights?
-The three steps are: 1) Informing people about their rights, 2) Enabling them to exercise those rights, and 3) Having a process in place to support and follow-up on those requests.
How is the Guideline privacy notice designed to be?
-The Guideline privacy notice is designed to be clear, simple, and transparent, using plain English instead of GDPR jargon.
What rights are listed in the Guideline privacy notice?
-The rights listed include the right to access, rectify, receive a copy of, delete, object to the processing of their data, and the right to complain to the supervisory authority.
What is the purpose of the subject access request form?
-The subject access request form is designed to deal specifically with information requests, making it easy for individuals to specify their requests related to their data.
How can individuals contact Guideline to exercise their rights?
-Individuals can contact Guideline by email, writing to the address provided on the website, using the contact form, or by phone.
What is the expected response time for initial contact regarding a data request?
-The initial response is expected within 24 hours of receiving the request.
What is the target time frame for completing the whole information request process?
-The ideal time frame for completing the whole information request process is within 7 days.
How is the format of the information provided to the individual specified in the script?
-The format of the information provided is specified as being able to be sent via email, with the option for a hard copy if requested.
What support processes are in place to enable the rights of individuals?
-The support desk processes are in place to support the enablement of rights for individuals, ensuring that requests are responded to in the right way.
What topic will be discussed in the next video of the series?
-The next video will discuss the topic of data minimization.
Outlines
📜 Introduction to GDPR Rights
In this video script, Mike Savile introduces the concept of rights under the General Data Protection Regulation (GDPR), emphasizing the importance of understanding and implementing these rights to ensure compliance. The script outlines a three-step approach to handling GDPR rights: informing individuals about their rights, enabling them to exercise these rights, and establishing a process to support and follow up on requests related to these rights. The focus is on transparency and simplicity in communication, ensuring that individuals are aware of their rights regarding their data.
📝 Transparency in Privacy Notices
The script details the process of informing individuals about their GDPR rights through a clear and transparent privacy notice on the Guideline website. The privacy notice lists the rights individuals have, such as accessing, correcting, receiving a copy of, deleting, and objecting to the processing of their data, as well as the right to complain to the supervisory authority. The language used is plain English to avoid confusion and to ensure that individuals who may not be familiar with GDPR terminology can understand their rights.
📧 Enabling Rights Through Various Channels
The script explains the various methods individuals can use to exercise their rights under GDPR, including emailing, writing, using a contact form, or phoning the company. A specific 'Subject Access Request' form is highlighted, which simplifies the process of making information requests. The form asks for the nature of the request, whether it's for obtaining a copy of information, correcting information, deleting information, or lodging a complaint, and provides a space for additional information. The script also mentions the company's commitment to responding to requests promptly, initially within 24 hours and ideally completing the request within 7 days.
🔍 Support Desk Processes for Rights Enforcement
The final part of the script discusses the support desk processes that back up the company's commitment to enabling and responding to individuals' rights under GDPR. It outlines how requests made through letters, emails, and contact forms are directed to the support desk, where they are handled in accordance with established processes. The script assures viewers that the company is dedicated to responding in the appropriate manner to ensure compliance with GDPR and to make the process of exercising rights as straightforward as possible for individuals.
Keywords
💡GDPR
💡Individuals' Rights
💡Privacy Notice
💡Data Portability
💡Data Deletion
💡Subject Access Request
💡Support Desk
💡Data Minimization
💡Supervisory Authority
💡Plain English
💡Information Request
Highlights
Mike Savile introduces the topic of individual rights under the GDPR.
Emphasis on the importance of understanding and implementing individual rights correctly in GDPR.
Three-step approach to handling GDPR rights: informing, enabling, and supporting requests.
Privacy notice as a tool to inform individuals about their rights under GDPR.
Listing of rights in the privacy notice for transparency and clarity.
Use of plain English in the privacy notice to avoid confusion with GDPR jargon.
Description of the rights such as data correction, deletion, and objection.
Explanation of the process for individuals to exercise their rights, including email and postal contact.
Introduction of a subject access request form for handling information requests.
Details of the subject access request form, including its purpose and fields.
The process of responding to requests within 24 hours and aiming to complete within 7 days.
Format of the response and the option for individuals to request a hard copy.
Support desk processes that facilitate the enablement of rights for individuals.
Hope expressed that the information provided is useful for compliance with GDPR.
Preview of the next topic, data minimization, in the upcoming discussion.
Closing remarks encouraging simplicity in achieving GDPR compliance.
Transcripts
[Music]
hi I'm Mike Savile and welcome back to
the Guideline GDPR journey this time we're
talking about rights now this is perhaps
the key part of gdpr
it's all about giving individuals more
rights with what's done with their data
so it's really important that we get it
right now
we're thinking of this in three steps
really first step is you need to tell
people about their rights the second
step what do you need to enable people
to exercise those rights and then
finally you need to have a process in
place to enable to support and follow-up
those requests so let's start with
telling people about their rights and
let's take a look at the guideline
privacy notice so here we are at the
guideline privacy statement on our
website and we've tried to keep this as
clear and as simple and as
transparent as possible so if we scroll
down to the section on rights we've
listed the rights that people have so
people can see what data we hold on them
they can ask for it to be corrected they
can receive a copy of the data they can
ask us to delete it they can object to
what we're doing with it and they can
complain to the supervisory authority
and we've tried to describe it in plain
English rather than using the gdpr terms
so if we were to tell people about the
right to portability or the right to
restriction then that's kind of
difficult for people to understand who
perhaps aren't aware of the GDPR
so that's how we tell people about their
rights the next step is enabling those
rights so there are a number of routes
that customers and individuals can take
they can as it says here they can email
privacy at guideline com they can write
to us our address is on every page of our
website they can contact us via our
contact form or they can phone us for
our phone number but we've also set up a
subject access request form
and if we take a look at this this deals
specifically with information requests
and so we've created a simple form that
asks the individual what the request is
in relation to and is it for obtaining a
copy of information is it for having
information corrected is it for having
information deleted or is it a complaint
about our service and then finally any
other requests that they have so they
might choose to obtain a copy there's a
space for them to enter any further
information so I need information for a
reference as an example they then enter
their name and their email and company
and then we're very careful to explain
to them as part of this process what
we're going to use the information for
how quickly we're going to respond to
them so initially within 24 hours and
then ideally completing the whole
information request within 7 days and
then the format we're gonna reply
provide the information in and the fact
that if they want they can write to us
for a hard copy and then the individual
can submit that request that request
along with letters emails and contact
forms go through to our support desk
where we have support processes that
support the enablement of rights for
individuals so there you have it that's
how we at Guideline have dealt with
rights so we tell people about them via
our privacy notice we enable people to
act on their rights by email or writing
to us but really via our subject access
request process and then we follow that
up and back it up with support desk
processes that enable us to respond in
the right way
so really hope you found that useful
next time we're talking about data
minimization but until then we hope you
find your compliance simple