GDPR DATA PROTECTION (2)
The General Data Protection Regulation has beefed up the rights of data subjects in relation to personal and sensitive data.
DATA SUBJECT RIGHTS
Personal and sensitive data must only be used in accordance with data protection regulations. For example a data controller may only obtain and use the information fairly.
A data subject has the right to information from a data controller about the data the data controller holds in relation to the data subject.
A data subject has the right to access the personal data a data controller holds on him or her.
A data subject has the right to know if his or her personal or sensitive data is being held by a data controller.
A data subject may have the right to change or, in some cases, remove his or her details
A data subject has the right to prevent the use of his or her personal data.
A data subject has the right to remove his or her details from a direct marketing list.
A data subject may have the right to object to the use of his or her personal details even if it is for official purposes, in the public interest or in the interest of the data controller if the data subject feels that it could cause him or her unnecessary damage or distress.
A data subject has the right to refuse direct marketing calls or mail.
PENALTIES AND FINES
Fines can be up to €10 million or 2% of global annual turnover,whichever is the higher. This is in respect of Article 83(4) infringements. In respect of Article 83(5) infringements the fines may be up to €20 million or 4% of turnover, whichever is the higher.
Instead of a fine, the DPA may issue a reprimand to a data processor or controller. It can also, inter alia, issue a ban on processing data which can be temporary or definitive.
Member states will have the ability to apply penalties for GDPR infringements.
Data subjects will have the right to claim compensation.
Both data controllers and data processors may be open to claims for compensation.
Sometimes there is more than one data controller or processor involved. In those cases each of them is liable for the entire compensation.
Data subjects can claim compensation for both material and non material damage.