Data Subject Rights Flashcards
List The Data Subject Rights
- Right to Be Informed
- Right of Access
- Right to Object
- Right to Correction
- Right to Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Not Be Subject to Automated Decision-Making
What is the right to be Informed?
Data subjects have the right to be informed about the use to which their personal data will be put. This includes the right to be informed that their personal data is being collected.
What is the right to access personal data?
A data subject can request confirmation from the data controller or processor on whether their personal data is being processed.
If it is, they have the right to
1. access the data and be
2. informed about the purpose of processing, the
3. categories of data,
4. recipients of the data,
5. the storage period, and the
6. data source if collected indirectly.12
How can a data subject exercise their right to access their data?
They can submit a request using Form DPG 2 as outlined in the First Schedule of the Data Protection (General) Regulations, 2021.
The data controller or processor must comply with this request within 7 days.23
Is there a fee for accessing personal data?
No, compliance with a request for access to personal data is free of charge.4
What is the right to rectification?
A data subject can request the data controller or processor to correct any personal data that is
1. inaccurate,
2. outdated,
3. incomplete, or
4. misleading. 45
What is the process for requesting data rectification?
Data subjects can request data rectification using Form DPG 3 as provided in the First Schedule of the Data Protection (General) Regulations, 2021.4
Is there a fee for requesting data rectification?
No, requests for rectification are free of charge.6
What is the right to erasure (right to be forgotten)?
A data subject can request the data controller or processor to delete their personal data in certain situations, such as
1. when the data is no longer necessary for the original purpose,
2. consent is withdrawn,
3. the data was unlawfully processed, or
4. the data subject objects to processing based on legitimate interests.789
How does a data subject request the erasure of their data?
They can submit a request using Form DPG 5 outlined in the First Schedule of the Data Protection (General) Regulations, 2021.10
What is the right to restrict processing?
The data subject can request the data controller or processor to restrict the processing of their personal data in specific situations.
This might include
1. when the accuracy of the data is contested,
2. processing is unlawful but erasure is opposed,
3. the data subject needs the data for legal claims, or
4. they object to processing based on legitimate interests.1112
What is the procedure for requesting restriction of processing?
A data subject can request restriction of processing by submitting Form DPG 1 outlined in the First Schedule of the Data Protection (General) Regulations, 2021.12
How does a data controller or processor handle a restriction request?
The data controller or processor must
1. respond within 14 days without charging a fee.
They should either
1. implement the request,
2. note the restriction in their system, and
3. notify relevant third parties or
4. decline the request if it’s unfounded or excessive.13
What are the Data Handlers’ options for implementing a restriction of processing request?
They can
1. temporarily move the data to another system,
2. make it unavailable to third parties, or
3. remove published data about the subject from public platforms under their control.14
What happens if a restriction request is declined?
The data controller or processor must notify the data subject in writing within 14 days, explaining the reasons for the refusal.15
What is the right to object to processing?
A data subject can object to their data being processed for a particular purpose or in a specific manner. This right applies absolutely when processing is for direct marketing, including profiling for direct marketing. In such cases, the data cannot be processed for those purposes.1516
How can a data subject exercise their right to object to processing?
They can use Form DPG 1 provided in the First Schedule of the Data Protection (General) Regulations, 2021.16
What is the right to data portability?
A data subject can request to receive their personal data in a structured, commonly used, and machine-readable format and can transmit this data to another data controller or processor without hindrance.6
How does a data subject request data portability?
Data subjects can request data portability using Form DPG 4 as outlined in the First Schedule of the Data Protection (General) Regulations, 2021.6
Can a data controller or processor charge a fee for data portability?
Yes, they can charge a reasonable fee not exceeding the cost to fulfill the request.6