There are 8 fundamental rights of individuals under GDPR. These are:
- The right to be informed - Organisations must be completely transparent in how they are using personal data.
- The right of access - Individuals will have the right to know exactly what information is held about them and how it is processed.
- The right of rectification - Individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
- The right to erasure - Also known as 'the right to be forgotten', this refers to an individual's right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
- The right to restrict processing - Refers to an individual's right to block or supress processing of their personal data.
- The right to data portability - This allows individuals to retain and reuse their personal data for their own purpose.
- The right to object - In certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
- Rights of automated decision making and profiling - The GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them or is based on automated processing.