GDPR (General Data Protection Regulation) has been dubbed the biggest data legislation overhaul. Notably, the GDPR breach compensation and penalties are bound to be more severe as the regulation seeks to ensure total protection of personal data. The GDPR rules place more importance on the right individuals have to their personal data and tightens requirements on businesses that gather, store and use personal data. The companies should ensure that the stored personal data is current, accurate, accessible to the owners and above all, it is used for the purpose that was declared upon collection. Otherwise, companies are required to delete all personal data that they no longer require for the declared purpose.
GDPR personal rights
Data access: you have the right to contact companies and request for a copy of all your personal data that they hold. This includes; CCTV footages, digitally held or written records containing personal data. You simply send a request to the particular organization and attach as much personal details as possible like; email address, photo ID and official names. The organization is obliged to respond to your request within one month.
Erasure: this is referred to as the right to be forgotten. You have the right to ask companies to erase your personal data.
Restrict processing: processing data refers to operations performed on personal data like; modification, recording, publishing, and collection. You have the right to request companies to stop processing your personal data but it can still be retained for storage.
Portability of the data: personal data should be stored in a portable format to ensure that it is easily transferable upon request.
Automated processing: this entails processing of personal data without human involvement. The processed data is used for profiling and making decisions. Automated processing is unlawful where individuals have not consented to it unless it is really required to address public interests. A good example is the Facebook Cambridge Analytica Scandal where personal data belonging to millions of Facebook users was harvested without their consent.
When to seek GDPR breach compensation
In the event your personal data has been exposed to third parties and misused due to a breach of GDPR rules, you have the legal right to seek compensation from the company that collected and stored the data, their data controller of processor. The personal data involved in GDPR breach compensation claims entails information that directly identifies an individual such as; PPS numbers and financial information that is not availed to the public. Note that, you could be entitled to GDPR breach compensation even without suffering any damages if any of your rights discussed above are violated.
It is not unusual for organizations to neglect data laws that protect personal information they gather and store. This leads to a myriad of issues like unwelcomes sales contacts by unknown people to very serious cases such as publication of intimate and private data without your consent as well as identity theft. When a company collects personal data, it has a legal duty to protect it and use it as described. Therefore, if you believe that your personal data was misused, do not hesitate to speak to a GDPR breach compensation solicitor.