Ensuring that you can uphold and respond to your data subjects’ rights by establishing the correct structures and processes.
What are Data Subject Rights?
Rights are legal, social, or ethical principles of freedom or entitlement. Under the GDPR, Data Subject Rights (DSRs) are essentially those fundamental rules or legal entitlements owed to people by organisations that process their personal data.
The GDPR expands existing data subject rights provided in the Directive and the Data Protection Act, and creates several entirely new rights.
Should you care about Data Subject Rights?
The GDPR provides data subjects (customers, employees etc.) with rights which are enforceable against organisations that process their personal data. These rights may limit the ability of organisations to lawfully process data subjects’ personal data and can have a significant impact upon your organisation’s business model and operations.
All organisations that act as controllers are directly affected by the rights of data subjects and those that act as processors are affected to a lesser degree, but should still be aware of these rights.
How organisations manage DSRs will often be the first line of visibility to their customers, employees and service providers as to how seriously they’re taking their legal obligation under the GDPR.
What does the GDPR require?
There are 9 GDPR articles that specify data subject rights and set out further requirements for the management and modalities of these.
The DSRs enforceable under the GDPR are:
This service considers the DSRs in the broader context of the GDPR, as there are other articles which must be taken into account when delivering these rights.
DSR Review and Remediation
We’ve considered each DSR carefully and the supporting processes required. Our approach uses predefined processes to help understand your current DSR support and gaps that need to be addressed.
Our workshop-based approach:
We build on your existing processes where possible to reduce the overhead of GDPR implementation, providing an incremental and risk-based approach to your compliance obligations.