GDPR introduced 8 fundamental rights. These are:
- The right to be informed – Organisations must be completely transparent with regards to how they use personal data.
- The right of access – Data subjects (identifiable people) have the right to access their personal data and supplementary information. This means that you are aware of and able to verify the lawfulness of the processing of your data.
- The right to erasure (or right to be forgotten) – You are entitled to have your personal data erased or removed without the need for a specific reason as to why you wish to discontinue.
- The right to object – You have the right to object to the processing of your data based on legitimate interests and/or direct marketing and/or processing for scientific, historical research or statistical purposes.
- The right to rectification – You have the right to rectify or complete any personal information that an organisation holds about you.
- The right to data portability – You have the right to obtain and reuse your personal data for your own purposes, across different services. You are also entitled to move, copy or transfer your data from one organisation to another.
- The right to restriction of processing – You have the right to restrict or suppress access to your personal data.
- The right of automated decision-making and profiling – GDPR has introduced controls to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example you can choose not to be the subject of a decision where the consequence has a legal bearing on you or is based on automated processing.