GDPR
1. Rights of the data subjects (users)
The General Data Protection Regulation (GDPR) is a data protection legislation that applies in the European Union (EU) and regulates the protection of personal data. The GDPR grants data subjects various rights to maintain control over their personal information. Here is a summary of those rights:
-
Right to information: the GDPR states that data subjects have the right to receive clear and understandable information about how their personal data is processed.
-
Right of access: individuals have the right to obtain confirmation as to whether their personal data is being processed and, if so, to request access to that data. Companies must provide a copy of the data they hold about an individual.
-
Right to rectification: If personal data is inaccurate or incomplete, data subjects have the right to request that it be corrected. This also includes the right to fill in missing information.
-
Right to erasure ("right to be forgotten"): In certain circumstances, data subjects may have the right to request the deletion of their personal data. This is the case, for example, if the data is no longer necessary for the original purpose or if the processing is unlawful.
-
Right to restrict processing: data subjects have the right to restrict the processing of their personal data in certain cases. If processing is restricted, the data may only be stored and processed to a limited extent.
-
Right to data portability: individuals have the right to receive their personal data in a structured, commonly used and machine-readable format and to transfer this data to another controller without hindrance from the original controller.
-
Right to object: if personal data are processed on the basis of a legitimate interest, data subjects may object to this processing under certain circumstances. It is then the responsibility of the company to demonstrate that there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject.
-
Right not to be subject to automated decisions, including profiling: individuals have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning them or similarly significantly affects them. This includes the right to receive information about the logic involved in automated decision-making and its scope.