Not just the ‘right to be forgotten’: What about those other rights?


The “right to be forgotten” is far from the only right under the GDPR. The new EU data protection laws feature more than seven rights including the big one we have already discussed. Companies and organisations need to prepare numerous processes in order to comply with all of them. In this blog post, we take a closer look at all those ‘other rights in the new data regulation. They haven’t garnered the same kind of attention as ’the right to be forgotten, but they are still extremely important if companies want to reach compliance:

The right to be informed

Explains how companies and organizations are obligated to provide information of how they process collected data. The individual should be informed through a private notice.

The right of access

Concerns the ability of individuals to access their personal data and obtain confirmation that their personal data is being processed.

The right to rectification

Defines that individuals have the right to have their personal data corrected if it’s incomplete or inaccurate.

The right to restrict processing

Explains that individuals have the right to block processing of personal data, so that companies can only store it.

The right to data portability

Concerns the right of individuals to obtain and reuse personal data for their own purposes on different services and platforms.

The right to object

Means that individuals can object to processing in fields such as direct marketing and scientific or historical research. Even processing that is based on the performance of tasks in the public interest can be objected.

Beware of automation

And finally, the GDPR includes certain safeguards so that individuals can be protected against potentially damaging decisions that are based on personal data but taken without human intervention. This one is particularly important if your business is based on any kind of automated decision making.

Overall, the ‘other rights’ of the GDPR are fairly comparable to the ones found in the Data Protection Act from 1998. If your processing of personal data was already in line with the DPA, you should be in pretty good position to comply with the above-mentioned. However, individual rights are generally strengthened compared to the Data Protection Act. It would be wise for any company to assume that their current processing of personal data will need some adjusting.

Three highlights:

– The ‘right to be forgotten’ is far from the only right of individuals in the GDPR.

– The new data protection laws include six other rights and different safeguards on top of that.

– The ‘other rights’ of the GDPR are comparable to the Data Protection Act, but the rights of individuals are strengthened.

Leave a Reply