GDPR introduces 7 data subject rights:
(i) The right to be informed
(ii) The right of access
(iii) The right to rectification
(iv) The right to erasure
(v) The right to restrict processing
(vi) The right to data portability
(vii) The right to object
Personal data must be processed lawfully, fairly and in a transparent manner. Data may only be collected and processed for specified, explicit and legitimate purposes (purpose limitation). Data must be minimized to the data absolutely needed for the purpose a business is trying to achieve (data minimization). Data must be kept up-to-date and accurate, and should not be kept any longer than is necessary (accuracy and storage limitation). Organizations must ensure appropriate security of the data through technical and organizational measures (integrity and confidentiality). The Controller is responsible for demonstrating compliance (accountability).
The information provided in this resource base and on the Datawallet website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only. Information on this website may not constitute the most up-to-date legal or other information. This website contains links to other third-party websites. Such links are only for the convenience of the reader, user or browser. No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. All liability with respect to actions taken or not taken based on the contents of this site are hereby expressly disclaimed. The content on this posting is provided “AS IS;” no representations are made that the content is error-free.