Franchise

What rights do individuals have under UK GPDR?

You may have heard of “individuals’ rights” or maybe “data subject rights”, which data controllers must facilitate (and which processors must assist the controller with facilitating) but do you know what these rights are? If not, keep reading for a quick overview of the rights individuals have under UK GDPR.

  1. The right to be informed

Individuals have the right to know about the collection and use of their data. Organisations are required to be transparent about what data they’re collecting, why they’re collecting it, and how they plan to use it. This information is typically provided in privacy notices when the data is collected from the individual (or shortly thereafter when it is collected from other sources). This is your opportunity to show people you care about their rights and the privacy of their information at the start your relationship with them (you can see our article about what makes a good privacy notice here).

  1. The right of access

The right of access means individuals can request a copy of their personal data along with information about how it’s being processed. This is probably the most well-known right, the exercise of which is commonly known as a DSAR (Data Subject Access Request).

  1. The right to rectification

This is the right to correct incorrect personal data and to complete personal data which is incomplete (in some circumstances). You already have obligations to ensure the data you collect and use is accurate but you must also take reasonable steps to satisfy yourself of the accuracy of data on request by the data subject.

  1. The right to erasure

UK GDPR gives individuals the right to have their personal data erased in some circumstances. An example could be when the data is no longer necessary for the purposes you collected/processed it for or when processing is based on consent and the individual withdraws their consent.

  1. The right to restrict processing

The right to restrict processing allows individuals to pause the use of personal data under certain circumstances. If this right is exercised you will be able to store the data, but not use it. This is often used as an interim measure whilst, for example, the accuracy of personal data is verified.

  1. The right to data portability

This right allows individuals to obtain their data in a structured, commonly used, machine readable format as well as a right to ask you to transfer the data to another controller. This might apply when consumers want to switch from one service provider to another, although in practice this right is not often used.

  1. The right to object

Individuals have the right to object to the processing of their personal data in certain circumstances. You will need to stop processing the data unless you can demonstrate compelling reason to do so that overrides the individual’s interests or the processing is necessary to establish, exercise or defend legal claims. The exception to this is objections to direct marketing, which must always be honoured.

  1. Rights in relation to automated decision-making

Individuals have the right not to be subject to decisions about them which are based solely on automated processing and have a legal or similarly significant effect on them, save under specified circumstances. Where these decisions are permitted, the UK GDPR provides for several rights in relation to this, at least, the right to specific information about the processing, the right to receive an explanation of the decision, obtain human intervention, express their view and the right to challenge and request a review of the decision.

It is important to note that the rights discussed in this article are not absolute, they are limited in scope (in ways too detailed to cover in this article) and there are also exemptions which may apply meaning that you do not have to comply with a request, so considering the scope of the right and applicable exemptions is essential in every case.

For more information on getting it right when responding to data subject rights requests, see our five practical tips here and if you would like any help in managing data subject rights requests, please contact a member of our team at hello@hellodpo.com.

Share:

Facebook
Twitter
Pinterest
LinkedIn

Related Posts

Don't just take our word for it
"We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them."
Serena MayDirector, Southern HR Ltd
Serena May
"We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them."
Serena MayDirector, Southern HR Ltd
Serena May
“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time."
Craig SaundersHead of International Privacy, Aetna Global Benefits (UK) Ltd
Craig Saunders
“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”
Frasers Hospitality (UK) Ltd
“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”
Ruth HidalgoDirector, Chartered Accountants Worldwide
Ruth Hidalgo
“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”
Sanjay PatelFinance Director, Cadogan Group Limited
“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”
Federica CozzaniSenior Legal Counsel, Compre Group
Federica Cozzani
“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”
Gemma WithamDirector of Legal (Privacy), Group Privacy Officer, Sykscanner Limited
Gemma Witham
“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”
Joshua AntonCEO, Outlogic
Joshua Anton
“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!"
Clare RussellInterim Head of Legal, Vue UK & Ireland
Clare Russell
“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team."
Josh TowbHead of Business Transformation, Jigsaw
Josh Towb
“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them."
Rebecca MillerChannel 4
Previous
Next

Subscribe to our privacy news and legislation updates

Subscribe now

HelloDPO

We are here to make our data-driven world a more equitable and ethical place to live, work, and thrive by pragmatically balancing our clients’ commercial ambitions with every individual’s right to privacy.

Linkedin
Navigation
Legal & compliance
HelloDPO Law Logo
© 2024 HelloDPO. All rights reserved. The use of any material on the website without our prior written consent is strictly prohibited.

Website developed by Bowler Hat

Data Protection; Demystified