Five Smart Steps to Prepare for GDPR Data Subject Rights

By Sonia Cheng, Eckhard Herych, and Richard MacDonald
December 01, 2017

Many corporations around the globe are preparing for May 2018, when Europe's General Data Protection Regulation (GDPR) enforcement kicks in. The regulation encompasses a wide range of nuanced privacy requirements that can be challenging to operationalize. In particular, requirements around the rights of European data subjects — which include the right to be forgotten and rights to access, rectification and objection to processing — will be some of the most difficult to address.

The GDPR states that individuals should have the right to access their personal data so that they are aware of and can verify the lawfulness of its processing. Requests must be responded to promptly, within one month, leaving companies very little time to perform a task that they may not be equipped to handle. The right to be forgotten provision presents similar challenges, giving EU citizens the option to require erasure of their personal information. No barrier exists for citizens to enact these rights, and some countries are planning campaigns to educate the public on them in the coming year. The most operationally complex new data subject rights are:

  • Right of Access: EU residents may at any time obtain access to their personal data (what it is, where it is stored and how it is processed) from any entity that houses this information.
  • Right to be Forgotten/Right of Erasure: Individuals covered by the GDPR may at any time require an organization that stores their personal data to dispose of and erase that data from any and all information sources.
  • Right of Data Portability: Data subjects may require an organization to transmit their personal data directly from one controller to another, requiring a company to securely migrate everything containing information on a subject to another provider when processing was based on consent or a contract.
  • Right to Restrict Processing: Individuals have a right to “block” or suppress processing of personal data. When processing is restricted, an organization may store the user's personal data, but not further process it and may retain just enough information to ensure that the restriction is respected in the future. Individuals also have a right to not be subject to automated processing or profiling.

Examining what the invocation of a data subject's rights would look like in reality can underscore the importance of this issue. Take the hypothetical example of a medium-sized life insurance company that insures one million customers and must fulfill an average of one data subject access request per insured once every 2,000 years. This conservative estimate equals .05% of one million — or 50,000 requests — per year. Boiling that 50,000 down to the day equals 200 requests per day, or 25 requests per hour for a standard eight-hour work day. Consider the dedicated staff and resources that may be needed to handle such a burden. Organizations in banking, insurance, retail and other industries that involve large volumes of private customer data should realistically prepare for volumes higher than conservative estimates.
