Under the UK GDPR, Data Protection Act 2018, and DUAA, individuals have eight key rights that strengthen their control over personal data. These include:
-
Right to be informed – about how data is collected and used.
-
Right of access – to request copies of their data.
-
Right to rectification – to correct inaccurate information.
-
Right to erasure – also known as the “right to be forgotten.”
-
Right to restrict processing – to limit data use.
-
Right to data portability – to transfer data to another controller.
-
Right to object – to certain types of processing.
-
Rights related to automated decision-making – to challenge profiling.
Public-sector organisations must have processes in place to respond promptly and lawfully to such requests. Failure to respect these rights can lead to enforcement action from the ICO.
