About privacy rights
In a digital age where personal data is as valuable as gold, it’s crucial to know your rights as a citizen. GDPR gives you, as an individual, control over your own information. But what does that actually mean for you? In this article, we dive into your GDPR rights and show you how to protect your personal data.
A brief history of GDPR rights
Privacy rights are legal rights that give people control of their own personal data and the authority to prevent others from exposing it to public scrutiny. Long before GDPR rights, the idea of privacy rights was recognised in various cultures throughout history. However, in the mid-20th century, as technology advanced, the need for privacy protections became more apparent.
In 1948, the United Nations adopted the Universal Declaration of Human Rights, which includes the right to privacy as a fundamental human right. In the 1960s and 1970s, many countries introduced their first data protection laws to regulate the collection, use, and disclosure of personal information.
The last 5 years are marked by a special interest in privacy rights. The EU’s GDPR came into effect in 2018, and it inspired slews of other countries and regions to update or create their own privacy laws. So what exactly are your GDPR rights?
What are my GDPR rights?
Most of the time, especially in the EU, when we talk about privacy rights, we are talking about GDPR rights. That is, the 8 specific privacy rights granted to individuals under the General Data Protection Regulation (GDPR).
Here are the eight GDPR rights that individuals can exercise regarding their personal data:
-
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Right not to be subject to automated decision-making
Each of these rights gives individuals more control over their personal data, and requires organisations that collect and process personal data to do so in a transparent and accountable manner. The GDPR also sets out specific requirements for organisations to comply with in relation to each of these rights, including timelines for responding to requests, and the information that must be provided to individuals when their rights are exercised.
Get our Newsletter!
In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.
When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.
How should I exercise my GDPR rights?
You can exercise your GDPR data privacy rights by contacting an organisation with almost any question about their data. We call all such requests Data Subject Access Requests or DSARs. GDPR doesn’t require you to follow a certain procedure to make a data request, but ideally, you should:
Find out to whom you should direct the request
The organisation should have a designated portal, person, or department to handle GDPR requests. You should be able to find instructions for making your request on the organisation’s website. Check their privacy policy or contact their customer service department.
Draft a simple request and submit
GDPR gives you a lot of freedom when it comes to how you can make a request and doesn’t require special wording or legal jargon. However, it’s best to use simple language and explain exactly what you want. This will make it easier for the company to respond to you without delay.
Provide proof of identity
The company may ask you to provide some proof of your identity. As a rule, companies should only ask you for email or SMS verification. In some cases, the organisation may have to ask you to provide further proof of your identity.
Wait for a response
The organisation should notify you that they have received your request. Then, they will have about one month to respond to your request. They may get an extension in certain circumstances. They should either fulfill the request on time or provide a valid reason for not doing so.
Start your privacy cleanup with the big picture
A GDPR Risk report gives you a complete overview of the privacy risk in your company. The report is based on a scan with DataMapper.
Data privacy rights issues for companies
If everyone followed our advice on how to make a data request, it would be much easier for businesses to handle them correctly. But in reality, this is rarely the case.
There are no strict rules on how requests should be submitted, making it easy for them to be overlooked. If a request is unclear or involves large amounts of data, businesses can quickly spend hours trying to locate the right information. Without the right tools, it’s also difficult to ensure that all relevant data has been found.
At Safe Online, we help businesses handle data requests simply and efficiently. For this, we’ve developed RequestManager, a portal where users can submit data requests and where businesses can ensure requests are organised and managed effectively.
Sebastian Allerelli
Founder & COO at Safe Online
Sebastian is the co-founder and COO of Safe Online, where he focuses on automating processes and developing innovative solutions within data protection and compliance. With a background from Copenhagen Business Academy and experience within identity and access management, he has a keen understanding of GDPR and data security. As a writer on Safe Online's Knowledge Hub, Sebastian shares his expertise through practical advice and in-depth analysis that help companies navigate the complex GDPR landscape. His posts combine technical insight with business understanding and provide concrete solutions for effective compliance.
