[Infographic] GDPR Data Subject Rights – What You Need to Know
Author Julian Jeliński
Author Julian Jeliński
The General Data Protection Regulation (GDPR) comes into effect on May 25th 2018 and introduces a list of data subjects’ rights to protect internet users. From this blog post you’ll learn how data controllers can ensure these rights and avoid severe fines. Download our informative infographic and it will all clear.
First of all it’s up to data processors and data controllers to make sure individuals can freely exercise their rights as data subjects. So it’s the job of processors and controllers to make appropriate changes in their products, or even alter the way they collect, store and organize data.
Once the changes are made and the data subject agrees to the collection and processing of their personal data, you need to assure that you keep respecting their rights – it’s not just a one and done thing. And you should really focus on these 6 rights, as they have the biggest consequences for web analytics and digital marketers:
Let’s start from the right of access. As the name suggests, data subjects have the right to know:
When it comes to the right to rectification, it allows individuals to correct their data if they see it is inaccurate or untruthful. Data controllers then have to erase or fix inaccurate or incomplete data.
You have to also remember that people can opt-in, but at any time they may reach out to you and say “hey, I didn’t know you’re sharing my data with company X, please stop doing that and make company X remove my data”. The right to erasure forces data controllers to remove the personal data within one month when:
Not only that, you also have to remember to ensure that all distributed personal data was removed–even the data that was processed by 3rd parties!
People will also now be able to stop you from performing specific actions with their data (the controller may only hold the data or use it for limited purposes). This is exactly the point of the right to restrict processing. It applies if:
Now let’s move on to data portability: you must be able to provide the data subject’s personal data in a structured, commonly used and machine-readable format – for example a CSV file. The GDPR strictly states that such information must be provided free of charge.
Of course to protect you from data subjects exploiting those rights by requesting data very often and recurrently, effectively trolling you, you can impose a reasonable fee for this particular request subject.
Find out if your analytics solution guarantees data accuracy and privacy, including GDPR compliance:Download FREE Guide
The last item on this list is the right to object to processing. All data subjects have the right to do so when it comes to direct marketing. In this case data controllers must stop such processing under all circumstances.
But, the data subject can also object to processing based on legitimate interests or for purposes of scientific, historical or statistical research. In those situations, the controllers must stop the processing in question unless they can demonstrate:
And that’s all you need to know regarding data subject rights and how will they influence web analytics and digital marketing. But, we have an additional, extremely helpful download, you might find it mighty interesting.
Check out our infographic on data subject rights under GDPR!
Download the infographic: GDPR Data Subject Rights – What You Need to Know
Please feel free to share this infographic on your site. If you do, we kindly ask that you attribute Piwik PRO with the embed code below:
<a href="https://piwik.pro/blog/infographic-gdpr-data-subject-rights/" rel="nofollow"> <img src="https://d1tvoxci7fjf9v.cloudfront.net/wp-content/uploads/2017/08/22112959/infograph_Data-Subject-Rights-FINAL.png" alt="Data-Subject-Rights-Under-GDPR-Piwik-PRO" width='1334' height='7000' border='0' /> </a>
If you liked this post, I’m sure you’ll love our other infographic on GDPR. So be sure to check out this blog post and infographic:
How to Collect and Process Data Under GDPR?