Have advertisements been following you around? Do you feel tracked by online stores? Are you wondering whether your personal information shared on websites are safe? Well, you are not alone there! Privacy has been a big concern of customers for long.
This growing concern led to European General Data Protection and Regulation (GDPR) to be implemented. GDPR ensures the privacy and protection of sensitive and personal details of data subjects shared online.
GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). GDPR helps protect user’s data by asking user’s consent before setting cookies on any website they visit or any kind of information of the user is stored on the website.
It provides the data subjects with certain rights using which they can ensure whether their data is being used for any other purpose than what it was originally asked for. With GDPR in action, the customers and users in the EU get full authority over their data no matter which website or store owner they provided it to.
Let us look at the most fundamental rights data subjects get under GDPR:
Image Source: Rights of Data Subjects
The Right To Information
This right authorizes the user or customer to ask the website about how the information collected from them is being used and with who is it shared with.
The Right To Access
Under this right, the data subjects get access to their data being processed. They can request the website owner to get a copy of the data they submitted.
The Right To Rectify
Under this right, the data subjects can modify or change the data submitted by them to the website. The users can send a request to do the same in case their data is not up to date or need any modifications.
The Right To Restrict Processing
This right provides the users the choice to restrict processing of their data. The users can send a request regarding this to the website, which will immediately any ongoing process of their personal data.
The Right To Object
If the user wishes to object to the processing of the data given by them then they can do so using this right. This right is the same as the right to withdraw consent. However, it is applicable to special conditions such as when undergoing a legal situation, the user can object on using any personal details submitted.
The Right to Data Portability
This right gives the user the freedom to obtain and reuse their data for their personal use across different services. The user can use the data submitted to a website, copy, move or submit it from one IT environment to another without affecting its usability.
The Right to Erasure
Under this right, the user can opt to be forgotten by the website. This right comes in handy when the users have ended taking any services from the website. With the customer relationship ended it is important that the customer has the right to request the website to delete all the details previously submitted by them.
The Right To Object To Automated Decision Making
Automated processing of data of users can be carried out in different scenarios such as the decision is important for the performance or entry in a contract, it is authorized to by the union or law if the user gives their consent.
If the processing takes place without the above scenarios happening, the users must be informed immediately, they need to informed of simple ways to challenge the decision.
The Right To Notification Obligation
According to this right, any change or deletion or rectification of user’s data must be notified to them. This is important as the change may or may not be made by them and is to be followed even in case of loss or breach of user’s data.
These are the rights that data subjects get in GDPR. All users, employees, customers or anyone working for the company can make these rights requests.
Wrapping up, data subject rights are an important part of GDPR. In fact, it won’t be wrong to say they form the basis of GDPR. These rights should be implemented in all users of a website of an organization.