Now that you have decided that you must comply with GDPR, have appointed your data protection officer and figured out how to demonstrate accountability, you will need to prepare for data subjects actually exercising their rights.
Data subjects have extended rights under the EU’s new General Data Protection Regulation (GDPR). These include the right to be forgotten, to data portability and to be informed of risk (data breaches). Organizations will need to get their user interfaces and customer care departments in order so that they can handle these requests effectively, efficiently and professionally.
- Data controllers have the obligation to ensure erasure with all other parties who received that data from the controller.
- Data subjects have the right to receive a copy of their data in a readable, portable format, for example to transfer it to another service provider. This is the right to data portability.
- Subjects have the right to know if something went wrong. A mishap resulting in unintentional or unauthorized use or deletion of personal data is a data breach incident.
If your business is not yet prepared to adequately handle data breach incidents and to deal with subjects exercising their rights, now is the time to start implementing additional controls.
Here are Gartner’s recommendations:
- IT leaders should implement a data breach notification procedure in their security incident processes, and team up with the DPO and relevant legal and customer care colleagues.
- Process owners must develop effective user interfaces for data subjects where possible, enabling them to exercise their rights as directly as possible.
- Gartner clients should update their public information to data subjects (for example, privacy statements), in line with GDPR requirements.
And there you have it; number five in Gartner’s five high-priority changes that will help you get up to speed with GDPR requirements:
- Determine your role under the GDPR.
- Appoint your data protection officer.
- Demonstrate accountability in all processing activities.
- Check your cross-border data flows.
- Prepare for data subjects exercising their rights.