What is the GDPR’s “Right to Object”?
The “Right to Object” is one of the eight data subject rights that organisations must uphold in order to comply with the General Data Protection Regulation (GDPR).
In an increasingly digital-first world, the amount of data we generate has grown astronomically: by 2020 it was estimated that around 2.5 quintillion bytes of data were being created worldwide every day.
These days, protecting your privacy online takes more than installing antivirus software on your devices and choosing strong passwords. One absent-minded click on a link in a phishing email, or a failure in a cloud service you rely on, can be enough for your data to be compromised.
To keep your personal data safe in the event of a data breach or an attack on your device, both you and the organisations that store and process your data need adequate data security processes in place.
Data security encompasses a range of tools and strategies that should be applied in a way that meets both your data protection needs and industry compliance regulations. Below are examples of standard data security controls:
Encryption: Encryption turns readable plaintext, such as private messages or financial details, into unreadable ciphertext that can only be turned back into plaintext with the right decryption key. It is one of the most widely used data security controls, but it is only as strong as the algorithm and mode chosen and, above all, the handling of the key: a key stored beside the data it protects, or a nonce reused with the same key, undoes an otherwise sound cipher. Passwords are the exception: a system never needs to read them back, so they are stored as salted, deliberately slow hashes rather than encrypted.
Authentication and authorisation: If you’ve logged into social media from a new device, you’ve met both of these controls. Authentication is how a system confirms that a client (the person or device requesting access) is who they claim to be, usually with something they know (a password), something they have (a phone or hardware token) or something they are (a fingerprint); requiring two of these is multi-factor authentication. Authorisation comes after it: the system decides which rights and permissions that authenticated client has over a given account, file or action, and anything not explicitly granted is denied.
Data masking: Masking hides or replaces part of a value before it is shown, for example displaying only the last four digits of a card number, so that the staff, screens, logs and test environments that don’t need the full value never receive it. Unlike encryption, masking is applied per viewer: whoever is authorised to see the full value gets it, everyone else gets the masked form.
Data erasure: Data that is no longer needed, or that a person has asked to have removed, must be destroyed so that it cannot be recovered. Simply deleting a file only removes the reference to it, so erasure overwrites the data; on SSDs, copy-on-write file systems and cloud storage, where old blocks may survive an overwrite, the practical approach is cryptographic erasure (keep the data encrypted and destroy the key) or the device’s own secure-erase command, and copies held in backups must be covered too.
Backups and recovery: You never know when an operating system, a disk or a cloud storage service will fail, or when ransomware will encrypt what you have, so a backup and recovery policy is key. A good plan involves regular, scheduled backups; copies kept off-site and on separate systems, such as an offline external hard drive that malware on your machine cannot reach; encryption of the backups, since they hold the same personal data as the originals; and periodic test restores, because a backup that has never been restored is not yet known to work.
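As an added example (written for this page, not code from the original), here is the encryption control in practice in Go, using AES-256-GCM from the standard library: an authenticated mode, so decrypting with the wrong key, a modified ciphertext or a mismatched context fails outright instead of yielding garbage. It also shows the erasure point from the list: keys are held in a separate store, and deleting a record’s key is cryptographic erasure of every copy of that record. The key store, record value and record IDs are constructed for illustration; a real system would keep keys in a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a random 32-byte key, which selects AES-256.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext under key. A fresh random 12-byte nonce is prepended
// to the output so Decrypt can recover it; GCM appends a 16-byte tag that also
// covers the associated data (for example a record ID), which is authenticated
// but not encrypted. A nonce must never be reused with the same key.
func Encrypt(key, plaintext, associated []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, associated), nil
}

// Decrypt reverses Encrypt. It returns an error and no plaintext at all if the
// key, nonce, ciphertext, tag or associated data differ from what was sealed.
func Decrypt(key, sealed, associated []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ciphertext := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, associated)
}

// KeyStore keeps keys apart from the records they protect (in practice a KMS
// or HSM; this map is a stand-in). Deleting a key is cryptographic erasure:
// every sealed copy of that record, including copies in backups that an
// overwrite cannot reach, becomes unreadable at once.
type KeyStore map[string][]byte

func (ks KeyStore) Erase(id string) { delete(ks, id) }

func main() {
	keys := KeyStore{}
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	keys["customer:42"] = key
	record := []byte("iban=GB00TEST00000000000000") // constructed sample value
	sealed, err := Encrypt(keys["customer:42"], record, []byte("customer:42"))
	if err != nil {
		panic(err)
	}
	plain, err := Decrypt(keys["customer:42"], sealed, []byte("customer:42"))
	fmt.Printf("right key:         %q err=%v\n", plain, err)

	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit of the tag
	_, err = Decrypt(keys["customer:42"], tampered, []byte("customer:42"))
	fmt.Println("after tampering:  ", err)

	keys.Erase("customer:42")
	_, err = Decrypt(keys["customer:42"], sealed, []byte("customer:42"))
	fmt.Println("after key erasure:", err)
}
```

The associated data ties a ciphertext to its record: a sealed value copied from one customer’s row into another’s fails to decrypt, which plain unauthenticated encryption would not catch.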
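An added example (not the page’s code) of the two controls described under authentication and authorisation, in Go with only the standard library: passwords are stored as salted PBKDF2-HMAC-SHA256 hashes and checked in constant time, and a separate role-based policy decides what an authenticated user may do. The users, roles and action names are constructed; the PBKDF2 routine is spelled out here to keep the example dependency-free, and a production code base would use argon2 or bcrypt instead.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const kdfIterations = 100_000 // slows offline guessing; raise as hardware allows

// pbkdf2 is PBKDF2-HMAC-SHA256 (RFC 8018) on the standard library alone.
func pbkdf2(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write(binary.BigEndian.AppendUint32(nil, block))
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T = U_1 xor U_2 xor ... xor U_iter
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_i = PRF(P, U_{i-1})
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// User holds a salted, slow hash of the password, never the password itself.
type User struct {
	Salt, Hash []byte
	Roles      []string
}

type Store struct{ users map[string]User }

func NewStore() *Store { return &Store{users: map[string]User{}} }

func (s *Store) Register(name, password string, roles ...string) error {
	salt := make([]byte, 16) // unique per user, so equal passwords hash differently
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.users[name] = User{Salt: salt, Hash: pbkdf2([]byte(password), salt, kdfIterations, 32), Roles: roles}
	return nil
}

var dummySalt = make([]byte, 16)

// Authenticate answers "are you who you claim to be?". Unknown users and wrong
// passwords get the same error and the same slow hash, so response timing does
// not reveal which accounts exist.
func (s *Store) Authenticate(name, password string) (User, error) {
	u, ok := s.users[name]
	if !ok {
		pbkdf2([]byte(password), dummySalt, kdfIterations, 32)
		return User{}, errors.New("invalid credentials")
	}
	if subtle.ConstantTimeCompare(pbkdf2([]byte(password), u.Salt, kdfIterations, 32), u.Hash) != 1 {
		return User{}, errors.New("invalid credentials")
	}
	return u, nil
}

// permissions is a constructed role-to-action policy.
var permissions = map[string]map[string]bool{
	"analyst": {"records:read": true},
	"dpo":     {"records:read": true, "records:export": true, "records:erase": true},
}

// Authorise answers "may this authenticated user do that?"; anything not
// granted to one of the user's roles is denied.
func Authorise(u User, action string) bool {
	for _, role := range u.Roles {
		if permissions[role][action] {
			return true
		}
	}
	return false
}

func main() {
	store := NewStore()
	if err := store.Register("alice", "correct horse battery staple", "analyst"); err != nil {
		panic(err)
	}
	for _, pw := range []string{"correct horse battery staple", "hunter2"} {
		u, err := store.Authenticate("alice", pw)
		fmt.Printf("alice/%q: err=%v read=%v erase=%v\n", pw, err, Authorise(u, "records:read"), Authorise(u, "records:erase"))
	}
}
```

Note that a failed Authenticate returns an empty User, and Authorise on an empty User always denies: the authorisation step cannot be reached with an identity that was never proven.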
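An added example (not the page’s code) of the data masking control in Go: card and phone numbers keep only their last digits, e-mail addresses keep the first character and the domain, and a View function applies the mask unless the caller holds a specific permission, which is the "before a client is authorised" point from the list in code. The record fields, the card number (a well-known test number) and the permission name are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

func isDigit(r rune) bool { return r >= '0' && r <= '9' }

// MaskDigits replaces every digit except the last keep with '*', leaving
// separators such as spaces and dashes so the value keeps its shape. Values
// with no more than keep digits come back unchanged.
func MaskDigits(s string, keep int) string {
	total := 0
	for _, r := range s {
		if isDigit(r) {
			total++
		}
	}
	var b strings.Builder
	seen := 0
	for _, r := range s {
		if isDigit(r) {
			seen++
			if seen <= total-keep {
				b.WriteRune('*')
				continue
			}
		}
		b.WriteRune(r)
	}
	return b.String()
}

// MaskEmail keeps the first character of the local part and the whole domain;
// anything that does not look like local@domain is masked entirely.
func MaskEmail(addr string) string {
	at := strings.LastIndex(addr, "@")
	if at <= 0 {
		return strings.Repeat("*", len([]rune(addr)))
	}
	local := []rune(addr[:at])
	return string(local[0]) + strings.Repeat("*", len(local)-1) + addr[at:]
}

type Record struct {
	Name, Email, Card, Phone string
}

// View is the check that sits in front of the data: callers holding the
// constructed "pii:unmasked" permission get the record as stored, everyone
// else gets the masked form, so full values never reach a screen, log or
// export that did not need them. A nil permission set means no permissions.
func View(r Record, perms map[string]bool) Record {
	if perms["pii:unmasked"] {
		return r
	}
	return Record{
		Name:  r.Name,
		Email: MaskEmail(r.Email),
		Card:  MaskDigits(r.Card, 4),
		Phone: MaskDigits(r.Phone, 2),
	}
}

func main() {
	// constructed sample record
	r := Record{Name: "Alice Smith", Email: "alice.smith@example.org", Card: "4111 1111 1111 1111", Phone: "+44 7700 900123"}
	fmt.Printf("support agent sees: %+v\n", View(r, map[string]bool{"records:read": true}))
	fmt.Printf("fraud team sees:    %+v\n", View(r, map[string]bool{"pii:unmasked": true}))
}
```

Masking works on the way out of the store, not in it, so the stored data is unchanged and the same record can be shown differently to different callers.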
The General Data Protection Regulation (GDPR) contains a series of data security requirements that must be upheld by organisations that control or process the personal data of individuals in the European Union and European Economic Area, wherever the organisation itself is based.
Data is routinely transferred to and stored in different geographical regions with different levels of data protection. The GDPR standardises the rules so that EU residents’ privacy is protected consistently, no matter where their data ends up or who manages it.
Article 32 of the GDPR requires data controllers and processors to implement “appropriate technical and organisational measures” that provide a level of security appropriate to the risk of the processing. It names pseudonymisation and encryption of personal data, the ability to restore availability and access after an incident, and regular testing of the measures’ effectiveness as examples of such measures.
For businesses that need to audit their own data security practices and ensure they are in compliance, this website provides a comprehensive checklist based on the GDPR’s data security principles.
It’s easy to say you “have nothing to hide”, but your financial transactions, browsing activity, social media and emails can collectively reveal a lot about you, and could be manipulated and used against you if that information falls into the wrong hands.
Whether you’re concerned about your own privacy online or a business that processes customer data, taking a proactive and holistic approach to data security is crucial to avoid losing valuable data and compromising sensitive personal information.