Openli logo

Easy introduction to GDPR - Lesson 5

Data Subject Rights

GDPR gives people rights; it is its core principle. The right to information, the right to access to their data, the right to rectification, the right to be forgotten, and the right to data portability, are all rights of data subject we will cover in this lesson of Compliance School.

Compliance school

What is GDPR? Video transcription

GDPR gives people rights. These are one of the core things that you really, really need to know. People have a right to information. That means that you need to tell them why, for what purpose, for how long, and what type of data you have about them. Then you need to tell them that they have the right for their data to be deleted.

And when we're talking about deletion, well, as the main role, you should be deleting it. There can be some exceptions as to when you are allowed to keep it, but it's an important principle to have in mind. Then, there's the right to actually get the data rectified. There is a right to data portability. What is data portability?

Well, that is especially relevant if you're a platform as an example. So you're for example, as a user using Facebook, you're uploading all your pictures, your almost your personal life. And if you want to leave Facebook and join another social platform you are allowed to do so and get all your data taken from Facebook to another platform, and it needs to be easy for you to do that in an electronic format, and that's why we're calling it data portability. Then you have the right to also get access to information. Do you know? Have you ever heard about SAR? S A R? That is a subject access request. That is when people are writing to you and asking for information and access to their data.

So these are some of the things you really need to be mindful of. And remember; there are time limitations. So if a person is asking for their data, you need to respond within 30 days.