Under Article 22 of the UK GDPR, individuals have rights related to automated decision-making and profiling. Learn how companies should respond. Article 22 of the UK GDPR gives individuals the right not to be subject to decisions based solely on automated processing, including profiling, if it produces legal or similarly significant effects. This affects: Where…
Children have enhanced data protection rights under UK GDPR. Learn how companies working with under-18s should comply. The UK GDPR gives special protection to children’s personal data. If your company provides services to or collects data from individuals under 18, specific rules apply. Key principles include: These rights tie into the right to be informed,…
The right to be informed (Articles 13 and 14 of the UK GDPR) requires companies to explain how they use personal data. Learn how to comply with transparency obligations. Under Articles 13 and 14 of the UK GDPR, individuals have the right to be informed about how their personal data is collected and used. This…
Article 21 of the UK GDPR gives people the right to object to certain types of data processing. Learn how your company should handle objections. Under Article 21, individuals can object to processing based on: Once someone objects, you must stop processing unless you can demonstrate compelling legitimate grounds that override their interests. 💡 Tip:…
Article 20 of the UK GDPR gives individuals the right to receive and reuse their data. Learn how companies should prepare. Article 20 of the UK GDPR allows individuals to receive a copy of their personal data in a structured, commonly used, machine-readable format. This typically applies when: Examples include payroll records, client CRM exports,…
The GDPR gives individuals the right to be forgotten in certain cases. Understand what this means for your company. Article 17 of the UK GDPR gives individuals the right to request the erasure of personal data where: However, this isn’t absolute. You may retain data if you need it for legal claims, compliance, or public…
Under Article 18 of the UK GDPR, individuals can limit how their data is used. Here’s when and how restriction applies Article 18 of the UK GDPR gives people the right to restrict how their data is used in specific scenarios, such as: During restriction, you may store data but not use it. You must…
Under GDPR Article 16, individuals have the right to correct inaccurate personal data. Learn how your company can stay compliant. Under Article 16 of the UK GDPR, individuals have the right to request the correction of inaccurate or incomplete personal data. Common requests include updates to: Companies must respond without undue delay, usually within one…
The UK GDPR gives individuals the right to access their personal data. Here’s what companies need to know about handling Subject Access Requests (SARs) effectively. The UK GDPR gives individuals the right of access under Article 15. This allows people to ask what personal data your company holds about them and request a copy. SARs…
Subject access requests are easier (and cheaper) if you delete what you no longer need. Here’s why that’s strategic. Subject access requests (SARs) are rising — and they are expensive. But here’s the secret: the less data you hold, the less you have to search, redact, and disclose. Retention policies don’t just reduce legal risk….