In replacing the Data Protection Directive, one of the main differences the GDPR has brought is Article 20. This involves data portability, which allows individuals to request copies of their personal data, and then have it transmitted to a different controller.
The purpose of the right to data portability is to promote interoperability between systems and to give greater power to the citizen over the data that controllers hold and an increased level of control and choice.
Data subjects should be able to move between service providers without any loss of data and, therefore, enjoy a seamless transition that avoids the data subject having to re-input any information.
Rationale of the proposal
The aim of the proposed right is to create a “level playing field” for newly established service providers that wish to take on more established providers but are unable to do so because of the barrier posed by potential customers not wishing to have tore-input all of their data.
Difficulties for businesses
Some problems will arise for a business in relation to porting that data, such as identifying the appropriate contacts at the other controller entity, the necessary format for the data and effecting the porting of the data. Taking the steps necessary to affect the data porting will, of course, present an additional cost of business that entities need to factor into future operations.”
You can read the rest of the article here.
IDLink is targeting the difficulties that the article mentions, per example by helping companies authenticate individuals to make sure that data is ported to the right person. IDLink also helps structure the data and provide it in the necessary formats. Finally, IDLink transfers the data securely and with full audit log. If this is something we can help your company with, contact us at www.idlink.eu/contact.