The Main Principles of GDPR:
IDG is at the forefront of General Data Protection Regulation (GDPR) with considerable experience in data cleansing and enhancement solutions with a data preference centre providing robust and sustainable consent programmes.
Accountability and Transparency
Under the new regulations, data controllers will need to continually maintain demonstrable evidence of compliance and be able to produce it when required.
Consent must be “freely given, specific, informed and unambiguous and given by a means of statement or clear, affirmative action”.
Right To Be Forgotten
Provided there are no legitimate grounds for controllers to retain data, individuals now have the right to request it is deleted. Furthermore, controllers must take reasonable effort to ensure third parties are informed of the individual’s request.
Subject Access Request
Individuals have the right to access their data at no cost, within one month. Individuals may also request that data gathered about them is narrowed down.
Individuals can request that their data be provided in a useable format for direct transfer to another controller.
It is mandatory for companies and organisations to notify the supervisory authority in the event of a breach within 72 hours. Subjects must be contacted in the event of a high risk breach to implement appropriate measures.
Breaches of the new legislation will incur heavy sanction.