Individual Rights Under GDPR
This module explains the eight fundamental rights granted to individuals (data subjects) under the GDPR and how organizations must handle data subject requests.
Overview of the Eight Rights of Data Subjects
The GDPR grants individuals the following rights over their personal data:
- Right to Be Informed: Individuals have the right to know how their personal data is being collected, used, and processed. Organizations must provide clear and concise privacy notices.
- Right of Access: Individuals can request access to their personal data and obtain a copy of it. Organizations must respond within one month.
- Right to Rectification: Individuals can request corrections to inaccurate or incomplete personal data.
- Right to Erasure (Right to Be Forgotten): Individuals can request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purpose it was collected.
- Right to Restrict Processing: Individuals can request that processing of their personal data be restricted in specific situations, such as when they dispute the accuracy of the data.
- Right to Data Portability: Individuals can request their data in a structured, commonly used, and machine-readable format to transfer it to another organization.
- Right to Object: Individuals can object to the processing of their personal data for specific purposes, such as direct marketing.
- Rights Related to Automated Decision-Making and Profiling: Individuals have the right not to be subject to decisions based solely on automated processing, including profiling, that significantly affect them.
How to Handle Data Subject Requests
Organizations must handle data subject requests promptly and in compliance with GDPR. Follow these steps:
- Verify the Identity of the Requester: Confirm that the request comes from the data subject or their authorized representative before disclosing or acting on any data.
- Respond Within One Month: Provide the requested information or take the necessary action within one month of receiving the request. This can be extended to two months for complex requests.
- Provide Clear and Transparent Information: Explain the actions taken or the reasons for any refusal to comply with the request.
- Document the Request: Maintain records of all data subject requests and the actions taken on them, so that the organization can demonstrate accountability.
Key Steps for Handling Data Subject Requests