info@sapphireconsulting.co.uk             London – 020 305 68855         Cornwall – 01726 247047

SUBJECT ACCESS REQUESTS

Rights of individuals under the GDPR

Individuals have eight fundamental rights under the GDPR:

  • The right to be informed – Organisations must be completely transparent in how they are using personal data.
  • The right of access – Individuals will have the right to know exactly what information is held about them and how it is processed.
  •  The right of rectification – Individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
  • The right to erasure – Also known as ‘the right to be forgotten’, this refers to an individual’s right to having their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
  • The right to restrict processing – Refers to an individual’s right to block or supress processing of their personal data.
  • The right to data portability – This allows individuals to retain and reuse their personal data for their own purpose.
  • The right to object – In certain circumstances, individuals are entitled to object to their personal data being used. This includes, if a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
  • Rights of automated decision making and profiling – The GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing.

We can help you if you receive a subject access request, a request to be forgotten or any of the other requests

Subject Access Requests need to be assessed according to the criteria in the GDPR and the Data Protection Act 2018. 

 

Don’t try and redact data on your own as there are legal exemptions and requirements — you could release data that should be redacted or not release data that should be released.

Subscribe to our Newsletter – please read our Fair Processing Notice before subscribing
Our monthly DPO Review will keep you updated on changes to GDPR and anti-money laundering law and practice.

Sapphire Consulting Group Ltd is a limited company registered in England and Wales.

Registration number: 10427754. Registered office: Central Point, Beech Street, London EC2Y 8AD.

VAT Registration number: 285986235