GDPR compliance—right to object
GDPR compliance—right to object

The following Risk & Compliance guidance note provides comprehensive and up to date legal information covering:

  • GDPR compliance—right to object
  • The right to object and other data subject rights
  • The right to object—what is it and when does it apply?
  • Objection or withdrawal of consent
  • Information requirements
  • Dealing with objections
  • Compliance challenges
  • Temporary restriction of processing
  • Consequences of non-compliance with the GDPR
  • Right to object readiness checklist

Brexit: As of exit day (31 January 2020), the UK is no longer an EU Member State, but it has entered an implementation period during which it continues to be treated by the EU as a Member State for many purposes. The UK must continue to adhere to its obligations under EU law, including in relation to data protection, and the ICO has confirmed the GDPR will continue to apply during the implementation period. For more information, see: Practice Note: Brexit—implications for data protection.

The General Data Protection Regulation (GDPR), in force from 25 May 2018, provides for enhanced rights for data subjects in the EU including in relation to access, rights of rectification, erasure and restriction of processing and data portability, and a right not to be subject to a decision based solely on automated processing, including profiling, with strict time limits for complying.

The right to object to the processing of personal data is set out in Article 21 of the GDPR. It is not an absolute right and applies only in certain circumstances—see: The right to object—what is it and when does it apply? The right to object has been strengthened and extended under GDPR as compared with the right under the pre-GDPR regime.

Where the data subject objects under Article 21, you must cease processing the personal data unless you demonstrate compelling