Personal data management

For a company of significant scale, automating personal data management is necessary to meet the key requirement of GDPR. People have the right to manage their personal data and to be informed about its collection and use. You should be ready to provide information about the purpose of data processing at any time.

The rules regarding personal data management, the lawfulness of processing and the obligations regarding the processing of special categories of personal data extend much further than the rights of the data subject. However, if data subjects wish to exercise one of their rights, then the controller (and processors) must be able to fulfil that request.

"The most difficult obligation of the GDPR for companies in 2019 was the exercise of the right to be forgotten."

IAPP

There are 8 fundamental rights of the data subject. They are listed in articles 15-22 of GDPR.
  • Article 15 - Right of access by the data subject. The data subject is entitled to obtain from the controller confirmation as to whether personal data concerning him or her are being processed.
  • Article 16 - Right to rectification. The data subject has the right to request the controller to immediately rectify incorrect personal data concerning him or her.
  • Article 17 - Right to erasure ("right to be forgotten"). The data subject has the right to request the controller to immediately delete his or her personal data.
  • Article 18 - Right to restriction of processing. The data subject has the right to request the controller to restrict processing of his or her personal data.
  • Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing. The controller informs each recipient to whom personal data has been disclosed about any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18.
  • Article 20 - Right to data portability. The data subject has the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning him or her which he or she provided to the controller.
  • Article 21 - Right to object. The data subject has the right to object at any time, for reasons related to his or her particular situation, to the processing of his or her personal data.
  • Article 22 - Automated individual decision-making, including profiling. The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and which produces legal effects or significantly affects the person in a similar way.

Enabling data subjects to exercise their rights is a difficult process and a technological challenge. Because the data of one person is usually scattered over many systems, fulfilling each of these obligations involves checking and collecting data from all potential data sources. Whether the IT environment is large, or smaller but with a lot of unstructured data, personal data management is a very demanding task.

Features of automation in personal data management

Security

Checking the legitimacy of the request based on the applicant's available data.

Completeness

Performing any type of request, including access to data, deletion, restriction of processing and data transfer.

Efficiency

Identification of all processed personal data of the applicant.

Auditability

Confirmation that the request has been properly executed.

See also

Data anonymization
Personal data inventory
