GDPR is here, so what? (Part 2)

Previously we looked at the impact GDPR laws have on the use of “personal data.” In this post we will address Subject Access Requests, portability, and the right to be forgotten.

This law provides users with many rights. Key among them is the opportunity for an individual to see what personal data a collector has acquired by submitting a Subject Access Request (SAR). This information is to be provided within a month of the request and, except for a “reasonable fee” to cover administrative costs, must be provided free of charge.

The law provides for data portability with some exclusions. These exclusions are for data that is “derived or inferred from data provided by the data subject.” For example, a behavior profile that was built using algorithms applied to data collected from the subject is not subject to portability. However, the data that was used to build the behavior profile must be provided as part of the portability clause.

One of the more popular and important parts of the law is the right to be forgotten. This may also be one of the most challenging parts of the law to implement. Upon request, a collector must remove all instances of data related to a subject. For large companies with multiple databases, the challenge of locating all data related to the subject could be daunting. Most databases and programs were not designed with the expectation that such a request would ever be made. Newer systems will likely account for these requests, but until these systems are deployed, this will likely stress businesses trying to comply with the law.

Is GDPR a good thing? Certainly, an individual should be in control of or aware of their data. However, in the short term we anticipate that there will be significant challenges in reaching full compliance.

Contact the Security professionals at Compunet to make sure your practice is defensibly compliant and secure. We offer our clients a full Security Suite and 24/7 monitoring of their infrastructure to ensure their networks are properly secured. As a part of our All in One HIPAA Solution, we offer a free risk analysis. Check out our quick quiz to see if your practice is compliant!

For more information go to our website:

June 4, 2018 HIPAA Blogs