Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Five Smart Steps to Prepare for GDPR Data Subject Rights
Many corporations around the globe are preparing for May 2018, when Europe's General Data Protection Regulation (GDPR) enforcement kicks in. The regulation encompasses a wide range of nuanced privacy requirements that can be challenging to operationalize. In particular, requirements around the rights of European data subjects — which include the right to be forgotten and rights to access, rectification and objection to processing — will be some of the most difficult to address.
The GDPR states that individuals should have the right to access their personal data so that they are aware of and can verify the lawfulness of its processing. Requests must be responded to promptly, within one month, leaving companies very little time to perform a task that they may not be equipped to handle. The right to be forgotten provision presents similar challenges, giving EU citizens the option to require erasure of their personal information. No barrier exists for citizens to enact these rights, and some countries are planning campaigns to educate the public on them in the coming year. The most operationally complex new data subject rights are:
- Right of Access: EU residents may at any time obtain access to their personal data (what it is, where it is stored and how it is processed) from any entity that houses this information.
- Right to be Forgotten/Right of Erasure: Individuals covered by the GDPR, may at any time require an organization that stores their personal data to dispose and erase their personal data from any and all information sources.
- Right of Data Portability: Data subjects may require an organization to transmit their personal data directly from one controller to another, requiring a company to securely migrate everything containing information on a subject to another provider when processing was based on consent or a contract.
- Right to Restrict Processing: Individuals have a right to “block” or suppress processing of personal data. When processing is restricted, an organization may store the user's personal data, but not further process it and may retain just enough information to ensure that the restriction is respected in the future. Individuals also have a right to not be subject to automated processing or profiling.
Examining what the invocation of a data subject's rights would look like in reality can underscore the importance of this issue. Take the hypothetical example of a medium-sized life insurance company that insures one million customers and must fulfill an average of one data subject access request per insured once every 2,000 years. This conservative estimate equals .05% of one million — or 50,000 requests — per year. Boiling that 50,000 down to the day equals 200 requests per day, or 25 requests per hour for a standard eight-hour work day. Consider the dedicated staff and resources that may be needed to handle such a burden. Organizations in banking, insurance, retail and other industries that involve large volumes of private customer data should realistically prepare for volumes higher than conservative estimates.
Some organizations are responding with manpower — hiring additional staff to churn through incoming requests. Yet, extra resources may not fully mitigate the inherent risks that come with thoroughly and comprehensively fulfilling requests, controlling data leakage or enabling the right to be forgotten. In an already challenging data landscape, where most organizations deal with high volumes of data in many locations, disparate tools, lack of holistic information governance (IG) and a lack of standardized guidelines for GDPR readiness, it's easy to feel overwhelmed and underprepared.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Legal Possession: What Does It Mean?
Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.
Removing Restrictive Covenants In New York
In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?