Published Friday, April 20, 2018

Data Subject Rights: What Actions Are Needed to Comply Under GDPR

The European Union's General Data Protection Regulation, or GDPR, enhances existing data subject rights previously provided for under the Data Protection Directive 95/46/EC, while also introducing new rights, which will have large implications for businesses that gather or process personal data. These organisations will have new obligations under the GDPR and will have to take steps to protect and comply with these rights.

These rights include customers' rights to information, to access their own personal data, to correct or erase that personal data, and to restrict or object to data processing. Customers will also be able to receive a copy of their personal data or transfer it to another data controller, not be subject to automated decision-making, and be notified of a data security breach.

The actions needed to safeguard these rights are summarised below:

Right of Information: Organisations need to have mechanisms in place to ensure fair and transparent processing, including adequate and clear privacy notices.

Right of Access: Organisations need to have mechanisms in place to provide access to and copies of personal data to data subjects.

Right to Rectification: Organisations need to have mechanisms in place to be able to locate all of the data subject's personal data across their systems and update as requested.

Right to be Forgotten: Organisations need to change the way they handle personal data and implement a framework through which they can respond to data subjects' requests to have their personal data erased.

Right to Restriction of Processing: Organisations need to have mechanisms in place to be able to locate all of the data subject's personal data across their systems and restrict its processing as requested and as appropriate.

Right to Data Portability: Organisations need to have mechanisms in place to provide personal data to data subjects in a structured or commonly used machine-readable format.

Right to Object: Organisations need to have mechanisms in place to be able to locate all of the data subject's personal data across their systems and be able to stop processing.

Automated Individual Decision Making: Organisations need to have mechanisms in place to identify instances of decisions based solely on automated processing and to stop such processing where appropriate.

Organisations will find these actions easier to embed if they view them not as inconveniences, or as an exercise in establishing the minimum required to avoid penalties, but as restoring their customers' rights. By taking these actions, an organisation can empower its customers in a way that builds trust, and could end up being able to use personal data more effectively because of it.

In Canada, products and/or services described are provided by Continental Casualty Company, a CNA property/casualty insurance company. The information is intended to present a general overview for illustrative purposes only. Read CNA’s General Disclaimer.

Terri Mason-Benjamin is the AVP, Cyber and Professional Liability for CNA Canada, where she is responsible for leading and developing CNA’s Cyber Risk and Professional Liability portfolio in Canada, including product and portfolio management, growth strategy and underwriting team leadership.

Prior to joining CNA, Terri was the Head of Professional Indemnity and Cyber Risk for the Canadian operations within Allianz Global Corporate and Specialty, where she launched their Professional Liability and Cyber practices in Canada. In addition to underwriting, her experience includes claims administration and account management with a large international insurance brokerage. In addition to her many speaking engagements and presentations across the cyber/tech industry, she has served on several Global Expert Teams spanning various Professional Liability segments including Cyber Risk and Technology E&O, and is a Past Advisory Board Member with the NetDiligence Cyber Summit.

Terri attended York University in Toronto, is a certified Registered Professional Liability Underwriter (RPLU), and is currently working toward the Canadian Securities Course certification as well as the Certified Information Privacy Professional designation.
