GDPR and Data Subject Rights

The GDPR, or General Data Protection Regulation, is a framework of rules that protects data privacy in the European Union (EU). The regulation, which went into effect May 2018, applies to:

• Organizations that do business in the EU
• Organizations whose business resides in the EU
• Organizations with users who are in the EU. 

To complicate things, the last qualification is vague and could refer to either users who live in the European Union or those who are citizens of the EU. Essentially the GDPR affects all global companies in some way. 

Terms to know:

Data Subject: the user, or an individual, that can be identified.

Controller: the company responsible for making decisions on what data is collected and how it is used. They are ultimately accountable for the privacy and safety of the data.

Processor: a third party company, or vendor, that processes, transfers, and/or stores the data on behalf of the Controller company (ex payment processors, cloud services, customer relationship managers). For a Controller to be GDPR compliant, all of their Processors must be compliant as well.

The GDPR is currently the most rigid set of privacy rules and the one that puts users ahead of companies and innovation. Other regulations (LGPD in Brazil and CCPA in California) have started to follow suit.

The future of privacy puts control back in the user’s hands and allows them to make more informed decisions on how and when their data is collected, processed, transferred, stored, and retained.

GDPR is based on the principle of Data Subject Rights for the user. 

The Rights

Select any Right to get more detailed information about how it applies to both the Data Subject and Organization. 

• Article 12: Transparent information, communication and modalities for the exercise of the rights of the data subject
• Articles 13 & 14: Right to Be Informed
• Article 15: Right of Access 
• Article 16: Right to Rectification 
• Article 17: Right to Erasure 
• Article 18: Right to Restriction of Processing
• Article 20: Right to Data Portability 
• Article 21: Right to Object
• Article 22: Rights Relating to Automated Individual Decision-Making Including Profiling

Enzuzo helps you automate and document many of the data subject rights, allowing you to spend more time on your business and less time worrying about compliance. Get started today for free.