CALL US 1-888-553-2256

EU GDPR Knowledge base

'. get_the_author_meta('first_name'). ' '.get_the_author_meta('last_name').'

8 data subject rights according to GDPR

Author: Punit Bhatia

One of the key objectives of the new European General Data Protection Regulation (GDPR) is to ensure the privacy and protection of the personal data of data subjects. To help data subjects in being assured of the protection and privacy of their personal data, GDPR empowers data subjects with certain rights. Through these rights, data subjects can make a specific request and be assured that personal data is not being misused for purposes other than the legitimate purpose for which it was originally provided. Let us understand the different rights requests that a data subject can make as a customer, as an employee, and as personnel of a supplier.

1) Right to information

This right provides the data subject with the ability to ask a company for information about what personal data (about him or her) is being processed and the rationale for such processing. For example, a customer may ask for the list of processors with whom his or her personal data is shared.

2) Right to access

This right provides the data subject with the ability to get access to his or her personal data that is being processed. This request provides the right for data subjects to see or view their own personal data, as well as to request copies of the personal data.

3) Right to rectification

This right provides the data subject with the ability to ask for modifications to his or her personal data in case the data subject believes that this personal data is not up to date or accurate.

4) Right to withdraw consent

This right provides the data subject with the ability to withdraw a previously given consent for processing of their personal data for a purpose. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier.

5) Right to object

This right provides the data subject with the ability to object to the processing of their personal data. Normally, this would be the same as the right to withdraw consent, if consent was appropriately requested and no processing other than legitimate purposes is being conducted. However, a specific scenario would be when a customer asks that his or her personal data should not be processed for certain purposes while a legal dispute is ongoing in court.

6) Right to object to automated processing

This right provides the data subject with the ability to object to a decision based on automated processing. Using this right, a customer may ask for his or her request (for instance, a loan request) to be reviewed manually, because he or she believes that automated processing of his or her loan may not consider the unique situation of the customer.

7) Right to be forgotten

Also known as right to erasure, this right provides the data subject with the ability to ask for the deletion of their data. This will generally apply to situations where a customer relationship has ended. It is important to note that this is not an absolute right, and depends on your retention schedule and retention period in line with other applicable laws.

8) Right for data portability

This right provides the data subject with the ability to ask for transfer of his or her personal data. As part of such request, the data subject may ask for his or her personal data to be provided back (to him or her) or transferred to another controller. When doing so, the personal data must be provided or transferred in a machine-readable electronic format.

Who can make a rights request, and how?

A rights request can be made by an individual or an individual’s legal representative.  Such individual could be a customer, an employee, or personnel of a supplier working for the company. Also, such request should usually be made in writing.

Conclusion

Data subject rights form the core of GDPR, and your company must implement these rights in the context of its individual clients, employees, and personnel from other suppliers.

Click here to read the full text of the GDPR to learn more about the data subject rights.

If you enjoyed this article, subscribe for updates

Improve your knowledge with our free resources on EU GDPR regulations.

Leave a Reply

Your email address will not be published. Required fields are marked *

FREE EU GDPR CONSULTATION
Jonas Anderson
Lead EU GDPR Expert
Advisera

GET FREE ADVICE

Upcoming free webinar
How to integrate GDPR with ISO 27001
Wednesday – September 26, 2018

OUR CLIENTS

OUR PARTNERS

  • Advisera is Exemplar Global Certified TPECS Provider for the IS, QM, EM and AU Competency Units.
  • ITIL® is a registered trade mark of AXELOS Limited. Used under licence of AXELOS Limited. All rights reserved.
  • DNV GL Business Assurance is one of the leading providers of accredited management systems certification.