Since late May this year the EU General Data Protection Regulation (GDPR) has come into effect. Apogado’s GDPRbox is an exciting new product designed to empower individuals and help companies become compliant with this new regulation.

What is GDPR’s purpose in a nutshell?

GDPR exists to help people keep control of their personal data. In today’s digital and connected world people and their actions are tracked and recorded when online but also increasingly even when offline. 

This does not need to be nefarious in nature, often the information gathered by companies is used to improve services and reduce costs but even with the best intentions there is the possibility of misuse.

The GDPR provides a framework and sets standards for handling personal data by companies. This gives companies new responsibilities and forces more interaction with the public. Another goal is to restore control and ownership of this data to the individual. This way people can be informed of what data is being collected about them and decide for themselves if and how that data should be used.

What are your rights as a data subject

In order for people to exercise their rights it’s important that they understand the power that GDPR gives them. There are six basic actions that individuals can take concerning their personal data:

  1. The most fundamental is the right to information. This gives individuals the power to ask a company to inform them about what personal data they are processing and the reason they have for doing so.
  2. The individual also has the right to access and rectify the aforementioned data. People have the right to request and view their personal data that is being processed and also to request that changes be made to the content if they feel it’s outdated or inaccurate.
  3. The right to withdraw consent and object are also crucial. A person can at any time provide or withdraw consent for the use of their personal data. Since under GDPR, an individual has the right to withdraw their previously provided consent regarding the processing of their personal at any time information for a specific purpose. This means that a company will have to stop using any data that they previously had access to and is affected by this request. Data subjects also have the right to object which is similar to withdrawing consent but more focused on restricting processing for specific reasons (such as not allowing their data to be processed while a legal dispute is underway).
  4. The individual has the right to object to automated processing. This forces any decision made regarding the individual to be by a person and not by a machine. This is a very important right, especially in light of all the automatic profiling that a lot of companies apply.
  5. Another crucial right is the right to erasure. Also known as the ‘right to be forgotten’. This means in simple terms that individuals can request that all their personal data held by a company is deleted. This is not an absolute right though and data retention periods and other applicable laws may influence the outcome.
  6. The new regulation also grants people the right to move their data. If they make such a request then either their data will be provided to them in an electronic fashion or it will be directly transferred to another controller of their choosing.

How and why to exercise them

The rights mentioned above can be exercised by any individual who has some connection to the company holding their personal data. It doesn’t matter if they are a consumer of the company’s products or services or an employee of the company or even an employee of another company that is part of a supply chain. What is important is that they make use of the new options provided to them via GDPR in order to take ownership of their data so they are informed of what their information is used for and empowered to act according to their desires. 

There are multiple possible options for exercising one’s rights and for companies to comply with the new regulation including written requests, however due to the number of companies that may have information about an individual or conversely the number of individuals that companies have information on, it is easier and simpler to use a specialised online tool like Apogado’s GDPRbox to facilitate and simplify the process of both making the requests as well as handling them. After all, the biggest obstacle to a citizen exercising any right is hassle and for companies the main goal is to minimise disruption of their operations while also providing these new services to the public.