What is Keillar Resourcing doing about an individuals rights under GDPR?


From the 25th May 2018 the General Data Protection Regulation (GDPR) will come into force.  The main aim of the GDPR is to offer EU citizens (and this includes UK citizens too) a level of protection from privacy and data breaches that the Data Protection Act (DPA) can no longer offer. This is because we now process vastly more data than we did back in 1995 (when the DPA was first created), meaning our digital landscape has now outgrown the DPA, and the GDPR has been created as a solution to this

The good news is that Keillar Resourcing are already in great shape to provide our candidates, clients and suppliers with a GDPR-ready recruitment process and methodology.

An individuals rights under GDPR

1.    Right to be informed

The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice.

It emphasises the need for transparency over how you use personal data.

2.    Right of access

Individuals have the right to access their personal data and supplementary information.

The right of access allows individuals to be aware of and verify the lawfulness of the processing.

3.    Right to rectification

The GDPR gives individuals the right to have personal data rectified.

Personal data can be rectified if it is inaccurate or incomplete.

4.    Right to erasure

The right to erasure is also known as ‘the right to be forgotten’.

The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

5.    Right to restrict processing

Individuals have a right to ‘block’ or suppress processing of personal data.

When processing is restricted, you are permitted to store the personal data, but not further process it.

You can retain just enough information about the individual to ensure that the restriction is respected in future.

6.    Right to data portability

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.

7.    Right to object

Individuals have the right to object to:

processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);

direct marketing (including profiling); and

processing for purposes of scientific/historical research and statistics.

8.    Rights related to automated decision making including profiling

The GDPR has provisions on:

automated individual decision-making (making a decision solely by automated means without any human involvement);and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.