Rights of the data subject
When a controller processes personal data, it must take appropriate measures to ensure that the data protection rights of data subjects are fulfilled. Controllers are also required facilitate the exercise of the data subject's rights.
According to the General Data Protection Regulation (GDPR), data subjects have the right
- to obtain information on the processing of their personal data
- of access to their data
- to rectification of their data
- to the erasure of their data and to be forgotten
- to restrict the processing of their data
- to data portability
- to object to the processing of their data
- not to be subject to a decision based solely on automated processing.
Not all of these rights can be exercised in all situations, depending on factors such as the basis for the processing of personal data.