Who owns the data? Is it the organisation that collects and processes the data, or the individual to whom it refers?
Well, the GDPR doesn’t deal with the question of data ownership, but it does make it clear that Data Subjects should be in control of how their data is Processed.
A good approach
Think of the Personal Data provided by a Data Subject as being on loan to your organisation. Your organisation does not own the data, at all.
The Data Subject has the right to decided how, and for what purpose, the Personal Data can be used and by whom. If they are not happy in any way, they have recourse to be able to change things thereby putting them in control of their data.
Where can I find out more information about who owns the Personal Data of a Data Subject?
The Jaz'ing Up GDPR! book covers who owns the Personal Data of a Data Subject in more detail in a fun and easy to understand way without all of the bureaucratic legalise that is common in all other books and discussions about the GDPR.
The book is full of cartoons and call outs to make it easier to grasp what GDPR is all about and is split into 3 main sections.
- GDPR Nuts and Bolts explains everything you need to know about the GDPR and who owns the Personal Data of a Data Subject.
- Staff Toolbox that is designed for staff who work with personal data and need to get a grounding on the subject.
- Your Rights as a Data Subject is written from the point of view of the individual person who is affected by the GDPR so that they know there rights and the types of things they will be asking for.