View all episodes of the "KPMG Privacy" video series.
- Welcome to KPMG’s privacy video series, and the third of three videos dedicated to understanding personal data under GDPR.
- Data subject rights are one of the most challenging areas of GDPR for most organizations and requests to exercise these rights are already coming through for many.
- This requires a deep understanding of personal data footprint and lifecycle as well as the associated business processes including the purpose of processing
- Data subject rights may include the following points:
1. Accurate and informative notice of how data is being used, including purposes of use and transfers.
2. Minimizing the collection, use and retention of data in line with defined use purposes.
3. The ability to opt-out of data collection and use after initial consent.
4. The ability to request that data is no longer used or maintained, and evaluation of this request against legal requirements.
5. Full access to data including the ability to update it and port it to another organization or platform.
- Ask yourself: is your organization ready to respond to a data subject request.
- The next step is to layer request analysis and communication procedures on top of data understanding.
- Our clients are often tripped up by a lack of procedures to support identifying, triaging and escalating requests related to data subject rights, or awareness of these procedures.
- This risk for non-compliance is significant and must be addressed early on across the organization.
- Thank you for your time and attention as we wrap up our review of understanding personal data under GDPR.
- Thanks for watching.