Context:

In order to further promote transparency and clarity the information which individuals can receive should be clearly explained. The Article 29 Working Party (European Data Protection Board) recommends in particular that the difference between the types of data that an individual can receive using the portability right or the access right be explained.

Considerations:

Think about how most clearly to display these differences. Placing both outputs in your privacy notice will help but be careful to place them in context such that the difference/comparison can be made.

How to:

Clearly describe the information that can be received via the right of access and the right of portability:

Right of Access

  • confirmation that their personal data is being processed;
  • access to their personal data; and
  • other information including, for example, the purposes of processing, the categories of personal data, recipients of the personal data, retention periods and the right to request rectification or erasure and to complain to the ICO.

Right of Portability

  • a copy of their personal data in a commonly used and machine-readable format;
  • require the data controller to transmit the personal data to another data controller.

References:

  • GDPR Recitals: 68, 73
  • GDPR Articles 2, 15, 20
  • Article 29 Working Party: Guidance on Data Portability

How Gydeline helps

We, at Gydeline, help organisations of all types and sizes to save money and time through better and simpler compliance.  We do this with software and services.

If you would like to discuss any aspects of dealing with this and other risks in your business we are always happy to offer some, no obligation assistance – just contact us.

Related Posts

Archives