Until very recently, citizens had four fundamental rights in relation to the processing of their data by companies. Four rights that we know as ARCO rights and which were designed under the Organic Law on Data Protection Spanish. These are the rights of access, rectification, opposition and cancellation of personal data. All of them created to protect citizens in a world, especially the internet, where companies handle huge amounts of confidential information.
However, since 25 May 2018, ARCO rights have had two additional rights. On that day, the General Data Protection Regulation, jointly developed by the European Parliament and the Council of the European Union, came into force. The aim? To further protect citizens against companies, institutions and blogs that use their personal data. These two rights, which are already enjoyed by all EU citizens, are the right to be forgotten and the right to data portability.
The latter, one of the new features of this Regulation, known internationally as the GDPR, The new law allows citizens to ask the controller of their personal data to provide it in a clear manner to another controller. The same as was already the case with telephone companies, but extended to all companies. The first one, the right to be forgotten, is where we are going to delve into next. Stay with us because it is a fundamental issue, both for citizens and for the companies in charge of pleasing them.
The right to be forgotten on the internet
Let's get straight to the point: the right to be forgotten is a right of petition through which citizens demand that a person or entity responsible for the processing of their data deletes them. However, this right hides certain limits. In this sense, users may only execute it when the personal data are no longer useful for the purpose for which they were collected, when they have been processed unlawfully or when they object to the processing in accordance with the right to object, among other conditions.
These conditions mean that, although it may appear to be an easy right for companies and freelancers who manage personal data to satisfy, they generate more problems than expected. In addition, we must bear in mind that users' confidential information is stored in many different places, generating even more confusion. In view of this, having a specialised company such as Adarsus could save your company fines amounting, in the worst case, to 600,000 euros. Complying with GDPR is essential.
But what exactly is this regulation that companies are so afraid of, and why has it generated such a stir? In the next section, before we go, we are going to give you the key facts about the GDPR Law.
What is GDPR?
The GDPR, short for General Data Protection Regulation, is the current regulation governing the European Union in the field of data protection. data protection. As we said, its main goal is to provide more control and security to citizens in relation to their personal information, especially in digital environments. In part, it is a response to the massive processing of personal data carried out in recent years by large multinational internet companies. But yes, it also affects SMEs, freelancers and blogs.
From the point of view of companies, the what is GDPR is a headache. Especially for the IT departments of all IT departments. The parameters for the collection, organisation, management and destruction of personal data have changed. The rules have changed. And these changes affect each company differently depending on its characteristics. However, at Adarsus we are ready to help you. All you have to do is pick up the phone, and we'll make your life a whole lot easier.
