Break free with your rights as a data subject

May 9th, 2018


GDPR (general data protection regulations) is coming on the 25th May 2018. This will empower individuals to take back control of their data. GDPR will give people rights over there data that they previously never had. This will also have an impact on the way that organisations handle data and the period that they hold data.

Under the new GDPR regulations data subjects have the right to ask a business what personally identifiable data they hold, which the business must produce within 30 days or be in breach. Data subjects will also now have the right to be erased (the right to be forgotten). This is whereby any EU citizen has the ability to approach an organisation and ask them to delete any data that they hold on that particular data subject and the organisation then has 30 days to do what has been asked of them and provide evidence that this has been done. Otherwise the data subject has the ability to go to the ICO and report that organisation which may then result in a regulatory penalty.

Data subjects will now also have the right to the portability of their data. This means that an individual EU citizen can approach an organisation and ask them to collate all the data they hold and then send it to them or another supplier. They must then destruct all the data that they held. 30 days is the period to get this achieved. The organisation cannot charge you for this either.

GDPR banner

The clock is ticking on GDPR.


Other rights as a data subject under the new GDPR legislation include;


  • You have a right to be informed- why a business holds your data and what data they have,
  • The right to rectification- the right to make changes to your data,
  • You have a right to restrict processing- the right to stop an organisation from using your data for a specific purpose,
  • The right to object- this will mean that the organisation must take your data out of processing until further notice,
  • And the right not to be subject to automated decision making including profiling.


Understanding your rights as an individual will enable you to take control of your data; And limit what is known about you by companies. It should reduce the amount of nuisance emails you receive as you can order businesses to destroy all data they have relating back to you. It will also stop businesses pooling and sharing your data in order to target you with more sales promotions. However, businesses can hold onto your data if they have a legitimate reason to; And/or it is part of a legal obligation that they must hold records for a set period.

For more on GDPR read  the key principles of GDPR blog.

Back to article