Rights of Data Subjects
The rights conferred by Chapter III of the GDPR — which the organisation must guarantee.
The GDPR does not protect data for the elegance of its architecture, but because data belong to people. Chapter III confers on data subjects a set of rights the organisation must guarantee — and which the Data Protection Officer helps to operationalise, being itself the point of contact for data subjects.
Each request has time limits and formalities. Answering well, and in time, is both a legal obligation and one of the most visible demonstrations of respect for the person.
| Right | Content | Basis |
|---|---|---|
| Information | To receive clear information about the processing of personal data, at the time of collection. | Arts. 13–14 |
| Access | To obtain confirmation of whether data are being processed and to access those data and the related information. | Art. 15 |
| Rectification | To have inaccurate data corrected and incomplete data completed. | Art. 16 |
| Erasure | To obtain the erasure of personal data — the so-called right to be forgotten — where the conditions are met. | Art. 17 |
| Restriction | To obtain the restriction of processing in the cases provided for in the Regulation. | Art. 18 |
| Portability | To receive the data provided in a structured, commonly used and machine-readable format, and to transmit them to another controller. | Art. 20 |
| Objection | To object, on grounds relating to the particular situation, to processing based on legitimate interests or carried out for direct marketing. | Art. 21 |
| Automated Decisions | Not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. | Art. 22 |