Rights of data subject

When information about someone is processed and that information contains personal data, that person is a data subject. That data subject has a number of rights under the GDPR. These include:

• Right to information: the data subject has the right to know that, how and why their personal data is being processed;
• Right of access: the data subject has the right to obtain a copy of their personal data that has been processed;
• Right to rectification: the data subject has the right to have their personal data corrected if it is inaccurate;
• Right to data erasure: the data subject has the right to have their personal data deleted (e.g. because they withdraw their consent);
• Right to restriction of processing: the data subject has the right to have their personal data temporarily not used or amended;
• Right to data portability: the data subject can request and transfer his personal data to another person (e.g. if he chooses a new dentist);
• Right to object: unless there are very good reasons for processing the personal data, the data subject has the right to have the processing stopped;
• Right not to be assessed on the basis of automated decisions: unless there is an exception, a decision taken automatically (e.g. an automatic refusal of a loan) is not allowed.

These rights are there to ensure that the data you use from people is used safely and fairly. As a business, you need to make sure you respect and comply with these rights. You must make sure that you are transparent about how you use data, and that you treat the data you collect with care.