Data subject rights

1. Data subject rights

Welcome back! Under GDPR, data subjects are natural persons. Their general rights have already been covered in the GDPR principles. But they also have specific rights in chapter 3 of GDPR. Let's find out more.

2. What are the rights?

According to GDPR, in brief, the specific data subject rights are the right to - information, access their data, Correct their data, erasure, object or restrict processing, portability of data, and rights related to automated decision making.

3. Right to information

Data subjects have the right to know how you use and treat their data. You have to provide this information while seeking user consent. You can also state it in a privacy policy or data protection statement on your website, even if consent is not your legal basis. It's closely linked to the transparency principle.

4. Right to access

Individuals can request a copy of their personal data held by a data controller. This data subject access request should be in writing. They should determine the request's legitimacy in consultation with their DPO and process it within a calendar month, with some exceptions. The data provided should be free of charge unless in exceptional cases where the request is excessive and repetitive in a short span.

5. Right to correction/ accuracy

Data subjects have the right to correct their information. Be it factual, like their spelling, or subjective- the notes you may have taken about them during a meeting.

6. Right to erasure

The right to erasure, also known as the right to be forgotten, gives individuals a choice to have their data removed, with some exceptions. This includes withdrawing consent to a previous processing activity. For instance, you can unsubscribe from marketing emails from a company and ask them to delete your details.

7. Objection or restriction to processing

In some cases, data subjects can restrict or object to the scope of their data use. For instance, they may ask the controller to stop using their data without deleting it. It only applies in some cases, and we'll see later that data subject rights have limitations.

8. Data portability

Data subjects can request their data in a structured file format and ask their current service providers to transfer it to another. For instance, when you change phone company, your previous company should be able to transfer your data to the new one.

9. Rights related to automated decisions

When they are subject to wholly automated decisions, data subjects can demand an explanation of algorithmic decisions and request human intervention. We'll discuss GDPR, artificial intelligence, and ethics in the final video of the course.

10. Limitations

The data subject rights are not absolute rights. They have several limitations. Controllers may be unable to fulfill requests if they require a disproportionate effort. And they should not infringe upon other rights like intellectual property rights or the rights of other individuals. The requests should also be lawful. It might be easy to assess requests with the help of your DPO or privacy lawyers.

11. Let's practice!

Great! We've learned so much about GDPR principles and data subject rights. In the following video, we'll explore the operational aspect of technical and organizational measures for data processing security. Before that, let's practice applying your data subject rights knowledge.

Create Your Free Account

By continuing, you accept our Terms of Use, our Privacy Policy and that your data is stored in the USA.