GDPR Rights

The General Data Protection Regulations (GDPR) gives individuals a range of rights relating to the details business hold and obtain about them. This applies to websites meaning customer's sites must be developed in compliance with the laws.

The rights given are detailed below with the implications for websites

Right to be informed

Individuals must be given clear information about the details that the site will collect and how that data will be processed.

All site types are affected by this and should have a appropriate Privacy Policy tailored to their process. It must be concise, transparent, written in plain language and free.

Right of access

Individuals have the right to obtain confirmation that their data is being processed, access to the personal data held and other information listed under the Privacy Policy. This has to be provided free of charge.

Right to rectification

Individuals can have their personal data corrected if it is found to be inaccurate or incomplete. Requests for this should be responded to within one month, this time can be extended depending on the complexity of the data held.

Right to erasure

Individuals have the right to have personal data deleted by a business under certain circumstances.

Right to restrict processing

Individuals have the right to block or prevent further processing of data under specific circumstances. The data can be stored but should not be processed.

Right to data portability

The right to data portability provides individuals the ability to obtain and reuse data for their own purposes in across different services.

Data should be held in a way that allows them to move, copy or transfer it to another IT environment; in a safe and secure way, without effect on the usability.

Right to object

Individuals have the right to object to processing of data for direct marketing purposes, scientific/research purposes or legitimate interests of the individual.

These rights are superseded with regards to electronic communication: phone, email, SMS messaging and other 'electronic mailing', by Privacy and Electronic Communications Regulations (PECR). Business must get explicit opt in consent in order for electronic marketing to be sent to a person.