In this video, Mandy Huth demonstrates the right of portability under GDPR. Review data transmission, copies, data transfer, and storage. Also considered is inferred data.
- [Instructor] Article 20 of GDPR discusses the rights of data subjects to transfer their data. Data subjects can receive their data and have the right to transmit that data to another controller without hindrance upon request. Data should be transferred anywhere it is technically feasible, without prejudice. There are four scenarios outlined in the regulation. The first are copies. Controllers are required to provide copies in a format that individuals can use in a normal way.
Machine-readable format means a form that computers can process. Next is data transfer. Controllers must be ready to transfer data between controllers without hindrance to one another. This scenario ensures facilitation between organizations that may process data. The third tenet is storage. One of the media types data subjects have the right to have their personal stored on, is their personal device.
Currently, there are no clear guidelines on how controllers could implement this, but it is an option. The last tenet is data transmission. This scenario is when a data subject requests a direct transfer of their data, thereby eliminating themselves as a middle man between controllers. This could be an efficient manner for data transfers to occur. An important consideration here is inferred data, which is not included in this right. Examples of this are a credit score, or the results of a health assessment.
Because those are outcomes, or results, they are excluded from portability. Understanding portability, which allows individuals to obtain and reuse their personal data for their own purposes, is important for controllers to understand, because they must do so without hindrance.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.
- Define the objectives of GDPR relating to the personal privacy of citizens.
- Determine the responsibilities of data protection officers under GDPR.
- Identify the rights of citizens in the event of a data breach.
- Review the steps that must be taken in the event of a data breach.
- Describe the notification process in the event of a data breach.