The main policies that are being implemented in the GDPR Bill are:
- Privacy: Strengthened consent rules that will mean consent is unambiguous and easy to withdraw. The bill looks to end the reliance on opt-out tick boxes that are “largely ignored” so that users know what they are signing up for.
- Improved data access: Individuals will find it easier to access information that organisations hold about them at no charge.
- Data portability: New rules will make it easier for customers to move data between service providers. This means that if you’re using email or file storage services to store personal photographs or personal data, you should be able to move that data.
- Right to be forgotten: Individuals will be able to ask for their personal data to be erased. This will also include the ability for individuals to request that posts on social media be removed. This is specifically tailored towards posts that users made as children.
- Profiling: Individuals will have greater say in decisions that are made about them based on automated processing. Where decisions are based solely automated processing individuals can request that processing is reviewed by a person rather than a machine.