Data subject rights are the rights granted to data subjects under the General Data Protection Regulation (GDPR). These rights include:
- the right to access,
- rectification,
- erasure,
- restriction,
- portability,
- and to object to their personal data being processed.
Organizations must ensure that they are aware of and guard these rights:
- They should have policies and procedures in place to ensure that data subjects are aware of their rights and can exercise them. For example, you can provide a feature on your website where the data subject can update their personal data on their own,
- They should ensure that the necessary data protection measures are taken to protect the data of data subjects and to ensure that their rights are respected. The organization can install data security systems to enure data is protected.
- They should also ensure that any third parties who handle personal data on their behalf also respect data subject rights. This can be ensured via appropriate data protection clauses in the third party contract.
- Finally, organizations should ensure that they respond to any requests from data subjects in a timely manner.