Updated: Apr 13, 2020
Once a person agrees to have their personal data be processed by an organization, they automatically become data subjects. This isn’t necessarily a bad thing as they still have their ‘rights. In fact, if anything, becoming a "data subject" will give you more power particularly over your own personal data than it has in the past.
In this article, we are going to discuss the rights that individuals have under GDPR
The Right to Refusal in Becoming Data Subject
Every EU citizen has the rights to refuse to have their personal data be processed and give consent to becoming a data subject. This is however hard to maintain as data processing will be crucial in anybody’s everyday living like with bank activity and official employments where data processing is compulsory otherwise a business organization will not be productive.
The Right To Be Informed
Should the citizen, however, agree to be a data subject and have personal data processed, they will then have the right to be informed about everything related to the data processing. This includes how the data will be used, what will happen when it is used and you’d also have the right to modify their own data or even refuse to grant consent for specific companies. This also goes to say that they have the right to access their personal data whenever they want and need.
The Right To Restrict Processing
GDPR allows a person to restrict the processing of their own data under certain circumstances. For one, data subjects can prohibit processing when they notice any inaccuracy with their personal data. Until the time being, they have the right to restrict processing of their own data until the inaccuracy has been resolved. Another example where data subjects are allowed to restrict the processing is when an individual strongly denies consent to have their data processed.
Portability of Data
Citizens have the right to transfer their data from one organization to another without any hassle unless there are pre-existing contractual issues which should be disclosed before asking for a person’s consent to be a data subject.
The Right to Erasure / The Right to be Forgotten
Data subjects also have the right to erasure or rights to have their personal data deleted and forgotten. This right, however, has reservations and is not allowed under given circumstances that prohibit it. Data subjects are not allowed this request if the use of personal data is for reasons such as compliance with legal obligations, for public health purposes, for scientific research and a whole lot more. There are specific guidelines in GDPR that specifies which cases are allowed to practice this right and which cases don’t.
Rights to Profiling and Automated Decision Making
This right will ensure that data subjects are protected from possible threats and risks. This right cannot be practised however when explicit consent is present and/or authorized legally. GDPR Profiling is when any form of automated processing intends to evaluate the personal aspects of an individual like their personal work performance, health and vital status, personal tastes, economic situations and a whole lot more.
Should a company feel the need to conduct profiling, they must ensure that they have high data security and anticipate a possible breach and the precautionary measures that they could take to help mitigate the risks to get them out of trouble with the European Union. Automated processing, however, is never applicable when it comes to the personal data of children.
These are the rights of the European Citizens under the GDPR. As complicated and as confusing as this may seem at first, this is the right step towards technological advancement and in improving data security and protection. Keep in mind that the existence of GDPR is to return the power to data subjects and ensure that their personal data is protected from any threats and breaches at all costs.