Ad – How Rightly Can Help You Control Your Data
Consumers are becoming increasingly concerned about how their personal data is processed, especially now with the introduction of ‘track and trace’ on paper and through apps.
Companies are responsible for keeping your personal data (which belongs to you) safe and secure. How do you know they are doing that? Do you know how easy it is to find out if you are a victim of a data breach? Rightly can help you find out.
GDPR – YOUR PERSONAL DATA AND CONSUMER RIGHTS
The Data Protection Act 1998 (2002 in the Isle of Man) was updated and replaced with the General Data Protection Regulation Act 2018 (GDPR) in May 2018. Your personal data belongs to you and is enshrined in your consumer rights.
The GDPR Act 2018 is a harmonised version, although the principles remain the same with a new accountability requirement.
The reason for the update is because of technological and digital advances that were not relevant or covered in the old legislation, and to harmonise and empower EU citizens with more powers over the use of their personal data. This legislation will remain in place after the UK has left the EU, so it is here to stay.
THE MOST SIGNIFICANT ADDITION IS THE ACCOUNTABILITY PRINCIPLE
GDPR requires organisations to evidence how they have complied with the principles – for example by documenting the decisions taken about a processing activity.
This also means that when you ask for your data back, companies have to tell you how they have been using it, and you can see if they’ve complied with GDPR.
PENALTIES OF NOT COMPLYING WITH GDPR
Penalties for non-compliance can range up to €20m or 4% of annual global turnover, whichever is higher, and the Information Commissioner’s Office (ICO) take a variety of factors in to account including the gravity of the offence, damage to the individual, if the infringement has been disclosed to the ICO and other aspects.
It is worth knowing that it is mandatory for any organisation to report any infringements of the GDPR Act 2018 to the ICO.
Non-compliance and not reporting the infringement will be taken more seriously and penalties incurred reflect that.
WHAT IS PERSONAL DATA?
Personal data is anything that can be used to identify you as an individual. This includes, for example:
· National Insurance number
· Bank account details
· NHS identification number
It is also important to note that whilst these look like separate data points gathered from different places, they are shared and sold on to data brokers who form ‘data profiles’ so companies can buy all of this information at once.
Proving this could also benefit you financially. If you have been the victim of a data breach and you are claiming compensation, showing mismanagement will likely increase the sum that you may receive.
You can send them a DSAR or SAR to find out. This is a written request asking what personal data a company has on you, which they must reply to within 30 days. More on that below – to find out about data breaches, click here
ARTICLE 5 OF THE GDPR REQUIRES THAT PERSONAL DATA SHALL BE:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
FINDING OUT WHERE YOUR PERSONAL DATA IS: SEND A SAR
You have a right to access your personal data with any organisation free of charge by submitting a Data Subject Access Request. A Data Subject Access Request is simply a request from you as the Data Subject to Access your data (which belongs to you).
You can easily do this via www.rightly.co.uk. Their platform enables you to submit multiple Data Subject Access Requests to over 10,000 companies for free. You have a right to find out who has your personal information and update and delete it as appropriate. Your personal data belongs to you.
WHY IS IT OUR RIGHT TO SEND A DATA SUBJECT ACCESS REQUEST?
You have a right to know how organisations are processing your data (which belongs to you). You can send a Data Subject Access Request via this link.
HOW CAN DATA SUBJECT ACCESS REQUESTS HELP YOU?
A Data Subject Access Request will enable you to see precisely what data (which belongs to you) and give you:
- Better control over your own data
- Find out what companies know about you
- Help you get out of debt
- Get evidence for appeals
Clean up your digital footprint – find out what companies know about you.
Make data work for you – delete your information from company records.
Manage your marketing preferences – change how companies communicate with you.
You may be entitled to compensation if an organisation has breached GDPR principles.
There are none – simple as that.
Rightly empowers you to take back control of your personal data.
Rightly enables you to use DSARs to your advantage.
An interesting aspect of GDPR is that you can instruct any company to delete your data. This includes any firm that is pestering you with junk mail and firms that you do not trust with your personal data such as Facebook.
GDPR has revolutionised and simplified your right to access your data free of charge and empowers you to take back control.
Your personal data is a valuable commodity which belongs to you and you need to know how it is being used. Do you know how your personal data is being processed?
Please note that this is a sponsored post to promote the services of Rightly and I will receive a fee per case referred. All views and opinions are my own.