
Rights of Data Subjects under the GDPR

The Data Controller (“DC”) is the person who, alone or jointly, determines the purpose and means of the processing of Personal Data (PD) (art. 4 (7) GDPR); in other words, the person who decides why others' personal data is processed and how it is processed.

All natural persons whose personal data is processed by a Data Processor (DP) or Data Controller (DC) within the territorial scope of the GDPR are Data Subjects and hence entitled to these rights.

Data Subjects (DS)

Data Subjects (DS) are all natural persons whose personal data (PD) is processed by a Data Controller (DC) or Data Processor (DP) in line with art. 3 General Data Protection Regulation.

Right to be informed

Provide the information listed in art. 13 General Data Protection Regulation if the Personal Data (PD) was provided by the Data Subject (DS), or in art. 14 General Data Protection Regulation if it was not.

Right of Access

Confirm whether processing takes place and, if it does, provide the Data Subject (DS) with access to their own Personal Data (PD) and the information listed in art. 15 General Data Protection Regulation.

Right to rectification

Allow the rectification of inaccurate Personal Data (PD) and the provision of supplementary data. 

Right to be Forgotten

Erase the Personal Data (PD) when a Data Subject (DS) requests it and there are no legitimate grounds for retaining it.

Right to restriction of Processing

Restrict the processing of Personal Data (PD) in the situations stated in art. 18 General Data Protection Regulation, such as where the processing is unlawful.

Notification Obligation

Notify each Recipient of any rectification, erasure or restriction of processing (art. 19 General Data Protection Regulation).

Right to Data Portability

If Art. 20 (1) General Data Protection Regulation applies, give back the Personal Data (PD) as required and allow the transfer to another Data Controller (DC). 

Right to Object

Provide the option to object to the processing if the conditions in art. 21 General Data Protection Regulation apply. Also, quickly respond and demonstrate legitimate grounds.

Automated decision-making

Do not base a decision that produces legal or similar effects solely on automated means, including profiling (art. 22 (20 (4) General Data Protection Regulation).
