Skip to main content Skip to footer

GDPR: What Rights Do Individuals Have?

So this is the one that matters to all of us. Under the new legislation, businesses must provide a lawful basis before they can process personal data, and this in turn affects an individual’s rights. This is not painful but it is important for companies to consider how these rights will impact their HR data and how they go about obtaining consent to retain and process this data. In this blog we will concentrate on the rights that employees will have when it comes to their personal data.


Each member of staff will have the right to be given the information that a company holds on them, how this is being processed and why. This is a reasonable ask and the organisation must do this in a fair and transparent way and a definition of what this means could also be put into this communication. This is generally communicated through privacy notices, as discussed in the previous blog.


Organisations must be able to provide employees with information about what is being processed and also give them access to this data free of charge. Now there will be a cost in time and effort but it must be provided in an acceptable, consistent format in one communication so not in a huge meaningless CSV file. This will mean collating all information into one central point and in one format, be that printed, in electronic format or any other applicable format.


Personnel will have the right to stop or suppress the processing of personal data, following a similar standard as the Data Protection Act. If the processing is restricted companies may be able to hold the data but will no longer be able to process it. Of course there will regulatory reasons why companies must retain HR data but it important to understand what the impact would be if you are no longer able to process it. In some organisations this may prove to be difficult.


Any staff member may obtain their personal data and use this for their own purposes, by allowing them to move, copy or transfer personal data.


Individuals have the right to object to processing in certain circumstances, be that for direct marketing, research, profiling, or matters of interest to the public or the execution of official authority. This is something that could be addressed when someone joins an organisation and regular reviews to check staff are happy with current data processing.


Should any data be deemed to be inaccurate or incomplete people have the right to have this corrected. Any requests for information to be made factually correct must be respond to within one month, unless the request is seen to be complex. Additionally, if this data has been passed on to any third parties then the individual must be informed who this has gone to, why this was done and any correction actions that have been undertaken.


This is also known as ‘the right to be forgotten’. It allows anyone to request that their personal data is deleted if there is no reason to keep it. Therefore, it is important to understand what information must be retained from a regulatory perspective and for how long.


The GDPR gives protection to individuals to prevent the use of decision making without the intervention of a human being. This enables them to get human intervention, express their viewpoint, be given an explanation as to why this decision was made and ultimately have the opportunity to challenge it.

Additionally, it will no longer be acceptable to carry out automated offers based on specific personal information that could be held on an individual, for example but not limited to their age, demographic or lifestyle.

To read our previous GDPR blog, on What to Consider When Communicating Privacy Information, here.

About the author

Ben Crick

Get in touch

Want to find out more? Get in touch and discover what Symatrix could do for your business. We’d love to chat.

Cookie Notice

Find out more about how this website uses cookies to enhance your browsing experience.

This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. If you continue to use  the site we shall assume your consent to the use of cookies. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers