Data Privacy, De-Mystified.
Individual data rights are at the core of all the major pieces of data privacy legislation. They are a bundle of rights aimed at letting individuals exert control over the way that their data is collected, stored, and processed by other parties. Each data right covered below is substantive enough to consider independently, but as a primer, it’s useful to seem them listed together. As ever, the ICO has an excellent and comprehensive guide to user data rights on their site.
In a nutshell, the GDPR contains the most robust set of user data rights of any legislation, so an examination of them is most instructive. GDPR asserts an individual’s –
- Right to be informed: essentially the right to know when their data is being collected and used.
- Right of access: essentially the right to access and view the data that an organization has collected on them.
- Right to rectification: essentially the right to correct inaccurate data or complete incomplete data related to them.
- Right to erasure: also known as the “Right to be forgotten”, this gives individuals the right to have their personal data erased.
- Right to restriction: essentially the right to limit the ways in which an organization processes their data.
- Right to portability: Essentially the right to receive information about their data in a common and portable format, for example a clearly labeled CSV spreadsheet.
- Right to object: Essentially the right to stop the processing of their data in certain circumstances, specifically direct marketing.