Rights of the Individual
Your procedures need to ensure all the rights of individuals include how you delete personal data or provide data electronically in a commonly used format.
The main rights for individuals under the GDPR will be:
• subject access,
• inaccuracies corrected,
• information erased,
• direct marketing,
• prevent automated decision-making and profiling, and
• data portability (updated one)
The rights individuals under the GDPR are mostly the same as those under the DPA. Does your current procedures cover how you would react if someone asks to have their personal data deleted, how do you locate and delete the data? Who makes the decisions about deletion?
The right to data portability is new. This is an enhanced form of subject access where you have to provide the data electronically and in a commonly used format. You probably have all of these covered and it is also good to check before GDPR is introduced