What Are GDPR Requirements? The Rights Of The User
Posts by Alan Taylor, May 12, 2023
All businesses with an online presence should have a solid understanding of GDPR – including how GDPR affects their business, and how it impacts users.
It’s important to be aware of what rights users have under GDPR – some of them will apply to your business operations, and others won’t.
So, what rights do users have according to GDPR? And how does this impact businesses? That’s what we’ll be exploring today.
Read on to learn more about the eight key rights of the user (aka the data subject), as well as more information on the GDPR requirements.
The Right To Be Informed
First of all, all users have the right to be informed about how their data is going to be used. It is the responsibility of an organisation to be transparent about how it will be using any personal data.
This right can be broad: for example, the subject may ask what data you collect, how it will be used, or what processors the data controller works with.
The Right Of Access
Data subjects have the right to know what information is being held about them. As well as this, they have the right to know exactly how their personal data will be processed.
Users may request information about how you’re processing their data and why you are doing so.
They also have the right to find out the categories of personal data being collected, and who is able to see this data.
As a business, you must give the user information about how you intend to store their data, and about profiling or automated decision-making, if the user requests it.
The Right To Rectification
If the data held on an individual is incorrect, incomplete or inaccurate, the data subject has the right to have their personal data rectified.
Any rectifications should be completed “without undue delay” – meaning that changes should be made as soon as possible. It’s important to note that it is a violation of GDPR to hold user data without their consent.
The Right To Erasure
The right to erasure is commonly referred to as ‘the right to be forgotten’. This means that users have the right to have their personal data removed.
They do not need to provide a specific reason for this request. It is the company’s responsibility to ensure that data is removed at the request of the data subject.
Once the decision to erase a subject’s personal data has been made, this request should also be shared. Any other processors or controllers should be promptly made aware of the erasure. This is so they can erase any links to the personal data or copies of it.
The Right To Restrict Processing
Any data subject can object to and block businesses from processing their personal data. Organisations are obligated to temporarily stop processing the user data if the user:
- Objects to unlawful processing
- Contests the accuracy of the data
The Right To Data Portability
It’s not just organisations that can use a data subject’s personal data – the user has the right to retain their own personal data and reuse it for their own reasons.
It’s important to note that there are certain conditions for this – for example, if the processing is completed through automation, or the processing is based on consent and/or a contract.
The Right To Object
One of the most important user rights in terms of GDPR is the right to object. In some circumstances, users are able to object to their personal data being collected and processed, for example if a business uses personal data for marketing or for research purposes.
The Right to Avoid Automated Profiling
The final user right is the right to avoid automated decision-making and profiling. The GDPR safeguards users against decisions being made without human intervention, also referred to as automated decisions.
Because of this, users can decide not to be subject to a decision based on automated processing, or to decisions that may have a legal bearing on them.