Individuals whose personal data are processed have rights that allow them to control this information. The data controller must explain to the data subjects the procedure to be followed in order to exercise these rights in practical terms. The data controller must respond to requests within one month.
Below is a non-exhaustive list of the rights of individuals granted by the GDPR (General Data Protection Regulation):
Right to information: Individuals have the right to know how their personal data are collected, processed and used.
Right of access: Individuals may request and obtain confirmation that their personal data are being processed, as well as details of such processing.
Right to rectification: Individuals have the right to request the correction of inaccurate or incomplete personal data concerning them.
Right to erasure (or right to be forgotten): Individuals may request the deletion of their personal data in certain circumstances, for example when the data are no longer necessary for the purposes for which they were collected.
Right to object: Individuals may object to the processing of their personal data in certain situations, particularly in the case of direct marketing.
Right to data portability: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format, and to transmit them to another controller.
These rights give individuals increased control over their personal data, thereby strengthening the protection of privacy and transparency in the processing of information concerning them.
