The GDPR makes it possible for customers and potential customers to obtain information about the way in which their data has been processed. Therefore, businesses will have to operate with complete transparency.
Currently, the marketing departments of many businesses already have processes in place that enable them to answer questions that relate to the way in which data is being used. However, GDPR will expect them to ensure that these processes are formalised.
The GDPR provides the following rights to individuals:
· The right to be informed
· The right of access
· The right to rectification
· The right to erasure
· The right to restrict processing
· The right to data portability
· The right to object
· Rights regarding automated decisions and profiling
It can prove to be a challenge to apply GDPR and other data protection laws to data that is unstructured. However, business have a duty to put the correct measures in place both technically and at an organisational level to ensure that they comply with GDPR. This will prove that they have incorporated data protection into the way they process data. This will also include an indication of the source of the data that the organisation holds.