Use Clear, Plain Language
Inform Users of Their 8 Individual Rights Under the GDPR
- The right to be informed, before any data is collected from them, about how their data is being collected, processed, and stored, and for what purposes.
- The right to access their data after it has been collected and understand how it has been collected, processed, and stored, what data exists on them, and for what purposes.
- The right to correct inaccurate or incomplete data (also known as the “right to rectification”).
- The right to be forgotten, i.e. to have their data erased, not just by your company but by any other firm you sold or transferred their data to.
- The right to restrict the processing of their data.
- The right to data portability, or the right to move, copy, or transfer personal data from one data controller to another safely, securely, and in a commonly used and machine-readable format.
- The right to object to processing without explicit consent, including the right to ban the inclusion of their data in direct marketing databases.
- The right to opt out of automated decision-making and demand that important decisions be made by humans, not algorithms.
Explain How You Will Collect & Use Users’ Personal Data
- Exactly what personal data is being collected and who will receive it.
- Whether users’ personal data is going to be transferred to a different country or an international organization.
- Your organization’s data retention policy. The GDPR bars companies from retaining user data beyond a “reasonable” period of time.
- Whether any automated processing will take place (remember, users can opt out of this).
Explain Your Legal Basis for Processing Users’ Personal Data
- The user has provided consent for processing for one or more specific purposes.
- The processing is necessary as part of a contract with the user.
- The processing is necessary for compliance with a legal obligation to which the controller is subject.
- The processing is necessary to protect the vital interests of the data subject or another natural person.
- The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the consumer, in particular if the consumer is a child.
Include Contact Information
Seek the Help of a GDPR Compliance Expert
GDPR compliance is complex and can be very confusing, and the penalties for non-compliance are staggering. To ensure your company doesn’t run afoul of the GDPR, it’s best to seek help from a reputable IT compliance expert such as Lazarus Alliance.
Is your organization ready for the GDPR compliance deadline on May 25? As part of our commitment to helping everyone prepare, Lazarus Alliance is offering a free GDPR readiness tool. Click here to take your GDPR readiness assessment and download your free report today!
The cyber security experts at Lazarus Alliance have deep knowledge of the cyber security field, are continually monitoring the latest information security threats, and are committed to protecting organizations of all sizes from security breaches. Our full-service risk assessment services and Continuum GRC RegTech software will help protect your organization from data breaches, ransomware attacks, and other cyber threats.
Lazarus Alliance is proactive cyber security®. Call 1-888-896-7580 to discuss your organization’s cyber security needs and find out how we can help your organization adhere to cyber security regulations, maintain compliance, and secure your systems.