Many years have passed since the current data protection regime was set. Technology is advancing in huge steps, and the virtual environment is full of new threats. Personal data are of great value in such an environment. Therefore, data protection deserves proper attention, and GDPR should provide more safety. To understand any law, it is necessary to be aware of the principles upon which it is built. GDPR presents a modification to the Data Protection Principles in comparison to the older Directive, but it is not a revolution. Rather, GDPR reflects the current needs of data subjects and brings massive opportunities for those who apply a transparent approach to their customers. It may also serve as a competitive advantage.
Data protection is what matters to us; therefore, we strive to build our policy on its principles. The data protection principles alone give us only a limited understanding, so we will match them with the rights of data subjects.
The most important ambition of GDPR is to bolster the rights of individuals. This aim is clearly reflected in granting control over a broad variety of individual rights. Organisations need a tool to manage these rights and give control to data subjects. Identity management is a way to master your data protection processes.
We will try to explain and describe the principles and rights in a much more comprehensible form and avoid the legalese used in GDPR’s provisions as much as possible.
Fair, lawful and transparent processing principle
Under GDPR, you are supposed to process personal data fairly and lawfully in the most extensive way. This essential principle of GDPR consists of several rights:
“The right to transparent communication” means the right to be provided with information in a transparent, intelligible and easily accessible form, using clear and plain language. It definitely requires additional data processing activities from the data controller. As GDPR favours data subjects, it requires the form and language to be comprehensible to the masses.
Example: Imagine the following situation. When you are about to open an account in a bank, you will provide a lot of personal information. No matter what the lawful basis of processing is, you always have the right to transparent communication. You cannot be forced to accept lengthy policies incorporated into the contract. What is more, those data processing policies must not be written in difficult language.
The principle is also connected with “The right to basic information” regarding the identity of the data controller, the reasons for processing their data, etc.
Example: Getting back to opening a bank account, the bank is supposed to provide you with a lot of information presented in a brief form and in plain language. This set of information should give you the whole picture of what happens to your personal data. You must be informed of the identity of the bank as the controller of the data and of its DPO. The purposes of processing have to tell you why and how the data will be processed. If there are other data recipients, you are the first to know about them. These are only some of the pieces of information to be provided.
Another right of data subjects is the “Obligation to inform data subjects of the right to object”. Data controllers are obliged to inform data subjects of their right to object to the processing of their personal data no later than the time of their first communication with.
Example: As a bank client, you do not seem to be in a strong negotiating position. However, thanks to GDPR you are granted a bunch of rights. Do not bother remembering them, as the bank, in its position as controller, is bound to inform you about all your rights every time data are collected. You have to be aware of the data subject’s rights, which give you control over your data and consent, along with the right to complain about infringements.
Stay tuned for the next article concerning other data protection principles, and you will find out how strong your position in data privacy is!