There are 8 fundamental rights of individuals under GDPR. These are:
The right to be informed
Organisations must be completely transparent in how they are using personal data.
The right of access
Individuals will have the right to know exactly what information is held about them and how it is processed.
The right of rectification
Individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
The right to erasure
Also known as ‘the right to be forgotten’, this refers to an individual’s right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
The right to restrict processing
Refers to an individual’s right to block or supress processing of their personal data.
The right to data portability
This allows individuals to retain and reuse their personal data for their own purpose.
The right to object
In certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
Rights of automated decision making and profiling
The GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing.