AF logo

What does GDPR mean for you?

Previously we outlined what the General Data Protection Regulation (GDPR) is and how it will affect how businesses handle data. As we continue to work to ensure AF is prepared for the launch of this major piece of EU legislation on the 25th May, we wanted to highlight how GDPR will give members greater rights over their data.

Under GDPR you will have the following rights -

Right to be informed

When you are asked to supply personal information you must be informed as to how your information is going to be used, how long it will be held for, or whether it will be passed to any third parties or other processors. If you order something online the company can use your information to process and fulfil the order. However, they cannot sell your information or send you marketing emails unless you have been informed and given consent for your data to be used in this way.

Right of access

You have the right to access your personal data and any other supplementary information. This allows you to be aware of the data that is held and to verify the lawfulness of the processing. Under GDPR, you can no longer be charged to access this information and the information must be provided within one month.

Right to rectification

You are entitled to have personal data rectified if it is inaccurate or incomplete.

Right to erasure

Also known as ‘the right to be forgotten’. You can request for your personal data to be deleted or removed when there is no longer a reason for processing, or if you withdraw your consent for processing.

Right to restrict processing

If, for example, your data needs to be held for a legal reason, your data may still be stored by an organisation. However, under right to restrict, you have a right to ‘block’ or suppress processing of personal data. An example may be if you unsubscribe from a mailing list. Whilst you have a right to no longer be contacted, an organisation may still store your address to ensure it is not included in future mailings.

Right to data portability

You can ask for any personal data to be handed over to you for your own purposes, or to transfer it to different services. For example, uploading transactional data to a price comparison website.

Right to object

You must be notified of your right to object at the first point of communication. When you object to processing, the company must stop processing your personal data unless the data is required for legal reasons.


Profiling is the automated processing of personal data to evaluate certain things about an individual. For example, Facebook will make assumptions about your profile based on the data you have given them, and data they collect about you. Under GDPR, this will be illegal unless you have given explicit consent.

Protecting your rights

All of these rights have been put in place to ensure your data is treated with integrity and with the utmost security. Indeed, under GDPR, if a data breach occurs and there is a high risk that your rights and freedoms will be adversely affected by the breach, you must be notified without undue delay.

AF will place even greater emphasis on being aware of, protecting and documenting how we use personal data, as well as limiting the processing of sensitive data. As an organisation that has always operated on a trust basis with members, AF is taking GDPR seriously, ensuring we are compliant with protecting your data at all times whilst delivering back to you. 

The content within this article is provided for information purposes only and should not be relied upon as legal advice.

< Back to news