Subject Rights Requests – How will you manage them?
The EU General Data Protection Regulation (GDPR) came into effect on the 25th of May 2018. This means all EU citizens have new rights to their data.
All EU citizens now have the right to be informed, to access, to rectification, to erasure, to restrict processing, to data portability and to object. With these new rights, you as a business need to be able to show that you have responded to a citizen within 1 month of receiving their enquiry and are actively working to fulfil their request.
UtopiaR offers a turnkey solution for all businesses. All different types of subject rights requests can be logged into the tool and managed through a clear and visible process to ensure that no requests are lost and that they are fulfilled on time.
To make this even simpler, we’ve made it possible for you to embed our rights request form in your own website in minutes, giving your customers and clients a simple route to logging these requests efficiently with you.
Article 25 of the EU General Data Protection Regulation (GDPR) requires that “data protection by design and default” is delivered in the processing of personal data. This approach is not new and is best evidenced by the completion of a Data Protection Impact Assessment, which under Article 35 of GDPR is required for all data processing activities which are “likely to result in a high risk to the rights and freedoms of natural persons”.
Conducting effective Data Protection Impact Assessments (also known as Privacy Impact Assessments) is at the heart of “Privacy by Design and Default”. This activity has a number of distinct roles which are addressed by the UtopiaR solution:
To understand and implement effective privacy controls into all data processing activities.
To identify and escalate data protection and privacy issues that may be identified during the course of an assessment.
To reduce the exposure, associated costs and legislative penalties from data protection and privacy risks that otherwise may not have been discovered.
To produce comprehensive Data Protection Impact Assessments which can be provided to the Supervisory Authority upon request (e.g. in the event of an investigation).
To provide an option for being transparent with data subjects about how their personal data is being processed, to build confidence and trust.
To support existing information security best practice for those who undertake risk management activities, for example as part of their ISO27001 information security certification.