The new regulations place the individual’s (data-subject’s) right to privacy at the centre of legislation. That is expressed in three main ways.
- The data-subject must give consent to their data being held.
- Organisations handling that data must keep it secure, must not misuse it, and must only use it for the purposes for which it has been supplied.
- The data must be accurate and as far as possible up to date.
Article 5 of the GDPR sets out six underlying principles which will ensure those rights:
- Transparency: data must be processed lawfully, fairly and in a transparent manner in relation to individuals.
- Purpose limitation: data must be collected for specified, explicit and legitimate purposes. (Non-profit religious organisations have a legal right to collect religious data under condition 9 (2) (d) of the Regulations.)
- Minimisation: data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy: reasonable steps need to be taken to ensure that data is accurate and up to date.
- Retention: data should be kept for no longer than is necessary for the purposes for which it was collected.
- Security: data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
And Article 5 (2) states that the Controller (which is the organisation rather than a named individual) shall be responsible for ‘…and able to demonstrate’ compliance with the principles.
WHAT IF WE GET SOMETHING WRONG?
If we make a mistake that results in incorrect information about a person, business or any other organisation being published by us or the media, we will endeavour to correct or retract and remove this information at the earliest possible opportunity.
We cannot be held responsible for incorrect information being published that we don’t know about or if a third party does not respond and act in a timely manner to remove the incorrect information when requested to do so.