GDPR rights for individuals
GDPR (General Data Protection Regulation) is a new privacy regulation that came into effect on May 25th, 2018 and that effect all personal data processing in the European Union. One of its key aims is to improve personal data protection and the rights of registered individuals.
The 7 key points about the GDPR to individuals
The right to access
Individuals have the right to know what personal data has been collected of them and how it is used.
Subject access requests
Registered individuals have the right to request and receive a copy of their personal data within a reasonable time and in an understandable and accessible form.
The right to have information corrected
Individuals have the right to have their personal information updated if it is incomplete or incorrect.
The right to erasure
A data subject (individual) can remove their consent to gather or use their data at any time. In certain circumstances they can also have their data removed without undue delay.
In Finland, the national supervisory authority is the Data Protection Ombudsman.
Fines and other sanctions
The office of the Data Protection Ombudsman can issue a data controller (organisation) a warning or a reprimand, a processing ban or a fine for a failure to comply with the regulation.
The GDPR applies to all data controllers and data processors
The GDPR applies to all data controllers and processors: corporations, associations and the public sector and to all kinds of personal data: client information, employee information as well as information on club, association or housing cooperative members.