The General Data Protection Rights (hereinafter referred to as “GDPR”) seek protection of data and privacy for individuals residing within the territorial extent of the European Union. The said rights aim to safeguard the fundamental rights and freedoms of natural persons, in particular their personal data.
Rights of the Individuals under GDPR
The rights of the individuals as provided under GDPR include the following:
- The right to be informed.
The information in relation to the processing of personal data relating to an individual should be given to him/ her at the time of collection of such data within a reasonable period. The individual has the right to be made aware about the consequences of providing such data.
- The right of access.
The individual should have a right to access to his/ her personal information, which he/ she might have communicated, in order to enable him/ her to verify the processing of such data. However, the exercise of such right should not adversely affect the rights or freedoms of others, including trade secrets or intellectual property and in particular, the copyright protecting the software
- The right to rectification.
With a view to strengthen the control over personal data, the individual should be allowed to receive his/ her personal data for the purpose of rectification of inaccurate/ incomplete details.
- The right to erasure.
The individual should also have the right to get his/ her personal data erased and no longer processed where such data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or where he/she has withdrawn his/her consent in regard to the processing of the same.
- The right to restrict processing.
The individual shall have a right to restrict processing of his/her personal information where
- the accuracy of such data is contested,
- processing is unlawful and opposed by the individual,
- the data is no longer required or
- the individual has objected.
- The right to data portability.
Where the processing of personal data, provided by an individual with his/her consent, is carried out by automated means, the individual should be allowed to receive such data. It should not apply where processing is necessary to be carried on under legal obligations.
- The right to object.
The individual shall have the right to object the processing of his/ her personal data, on grounds relating to his/ her particular situation upon which no further processing of such data shall take place unless there are compelling legitimate grounds necessitating such processing in furtherance of public interest or exercise of official duty.
- Rights in relation to automated decision making and profiling.
The individual shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him/her. The said right is not applicable if the decision is required for entering into a contract or required under law or if the individual has consented for the same.
Being adopted with a view to enhance the importance of the personal data of the individuals in the European Union, the GDPR focusses on conferring rights on such individuals to regulate the dissemination of the information being so shared thereby expanding the scope of privacy law. Focused with the objective of effective enforcement, the GDPR imposes penalty for non-compliance of its provisions.