In this multipart guide, we will be assessing your rights and obligations in the rapidly approaching GDPR, equipping you with the knowledge to stay secure once the new regulation comes into play.
The right to object applies to the processing and use of personal data, where individuals have the right to object to direct marketing, processing for scientific/historical research and statistics, legitimate interest processing, and processing in regards to the performance of a public interest or official authority task. If your processing activities falls under direct marketing, research, or any of the other categories discussed below, and your data processing is carried out online, it is important to note that you are required to have a way for individuals to object online.
Communicating the right to object
It is essential that you communicate the right to object at the first point of communication, where this must be “explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information”. This should also be included within your privacy notice in an accessible and clear manner.
Compliance in direct marketing and research
The right to object states that there are no exemptions or grounds to refuse a right to object within direct marketing. You must stop processing personal data for direct marketing purposes as soon as the objection request is received, regardless of the time and without charge.
Within the category of research purposes, individuals must have “grounds relating to his or her particular situation” in order to exercise their right to object to further research processing. If you are conducting research where the processing of personal data is necessary for the performance of a public interest task, you are not required to comply with an objection to the processing.
“But what if I am processing personal data for the performance of a legal task or under legitimate interest?”
In this case, individuals must have an objection on “grounds relating to his or her particular situation.” You must stop processing the personal data unless you can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the individual, or if the processing is for the establishment, exercise or defence of legal claims.
To find out more about GDPR compliance within your business and best practise for data processing, give MarketDeveloper a call today on +44 1784 432 082.