Rights of individuals
The existing rights of consumers will be strengthened under GDPR and they will gain a few new ones as well.
Right of access: if requested, companies will have to give individuals access to the data held on them to verify the lawfulness of how it was collected. They’ll have one month to grant this access.
Right to be informed: companies must provide what is called “fair processing information.” In other words, display a clear privacy notice explaining how the data will be used. The emphasis is on clear. Be totally upfront and honest in what you intend to do with the data – if you’re above board you have nothing to hide, right?
Right to object: individuals will have the right to object to a business using their data for specific purposes, such as marketing (for example). Again, companies have an obligation to make the intended use clear at the point of data collection.
Right to data portability: individuals can now transfer information a business holds on them to another data controller. What does that actually mean? Well, imagine if you could transfer your favourite Spotify playlists straight into iTunes. Or if you could send data from your FitBit to your GP surgery’s systems. That’s what this is.