Data Subject Rights
Individual data rights are at the core of all the major pieces of data privacy legislation. They are a bundle of rights aimed at letting individuals exert control over the way that their data is collected, stored, and processed by other parties. Each data right below is substantive enough to consider independently, but seeing the list together provides a useful overview. As ever, the ICO has an excellent and comprehensive guide to user data rights on their site.
GDPR contains the most robust set of user data rights of any legislation, which means it offers the most instructive examination. GDPR asserts the following for individuals:
- Right to be informed: the right to know when their data is being collected and used.
- Right of access: the right to access and view the data that an organization has collected on them.
- Right to rectification: the right to correct inaccurate data or complete incomplete data related to them.
- Right to erasure: also known as the “right to be forgotten,” this gives individuals the right to have their personal data erased.
- Right to restriction: the right to limit the ways in which an organization processes their data.
- Right to portability: the right to receive information about their data in a common and portable format, for example a clearly labeled CSV spreadsheet.
- Right to object: the right to stop the processing of their data in certain circumstances, specifically direct marketing.