Data subject rights

Understanding GDPR

Shalini Kurapati, CIPP/E

Co-founder, Clearbox AI

What are the rights?

Information
Access
Correct their data
Erasure
Object or restrict processing
Portability of data
Related to automated decisions

Right to information

On data use and treatment
Usually while collecting - consent
Privacy policy
Data protection statement
Transparency

Right to access

Illustration of a database that looks like padlock, with the lock open to represent access.

Copy of their personal data, request in writing
Consult with DPO and/or lawyers
Process within a calendar month
Free of charge
Unless repetitive and excessive

Right to correction/ accuracy

Screen shot of a phrase with an obvious spelling mistake to be corrected. The phrase is I hope the guy who invented auto correct burns in hello!

Right to correct their information
Objective/factual - names
Subjective - meeting notes

Right to erasure

Picture of a red and blue eraser.

Right to be forgotten
Withdrawing consent

Example

Unsubscribe from marketing campaigns and ask them to remove your email

Objection or restriction to processing

Illustration of a hand objecting to something.

Reduce the scope of your data use
Stop use without deleting
Not in all cases

¹ image: Flaticon.com

Data portability

Illustration of a person's hand handing over a document representing data to another.

Structured digital copy
Transfer to another provider

Example

Switching phone providers

¹ image: Flaticon.com

Rights related to automated decisions

A meme from the show Little Britain with a catchphrase computer says no, that became popular for blaming the computer for lack of service.

Fully automated decision making
Right to explanation
Human intervention

Limitations

Data subject rights - not absolute
Disproportionate effort
Respect other rights and laws
Lawful requests only
Consult with DPO/lawyers

Let's practice!

Understanding GDPR

Preparing Video For Download...