An individual has a number of subject rights under data protection regulations.
If you are a controller of this data, you must facilitate individuals when they want to exercise these rights.
But it is also important to recognise that these rights are seldom absolute.
Right to be informed:
You must tell an individual about the types of personal data you have about them and what you are doing with it.
This includes personal data you didn’t gather directly from them.
Right of access:
An individual can ask you for a copy of all the personal data you have about them.
You can’t usually withhold data, even if it embarrassing or defamatory.
You must also ensure the personal data of other individuals is not disclosed in your response.
Right of rectification and erasure:
If you have inaccurate data about an individual, they can instruct you to rectify it.
If you should not have the data, they can instruct you to delete it.
But there are reasons why you may not be obliged to do what they ask.
Right to restrict or object:
An individual may have the right to restrict what you do with their data.
They may also have a right to object to what you are doing.
These rights are not absolute. You have rights too.
Step 1: Contact me
Contact me using the form below.
Provide some basic information about the situation. I don’t need too much detail. Do not include samples of the data involved.
Give me your direct contact number and your email address. I will respond as soon as possible, usually within 24 hours.
Step 2: Free initial call
If I think I can help you, we will arrange a quick (no more than 20-30 min) phone conversation to work through the situation. I will give you some pointers to help you.
We can then decide if you need further help from me. You’re under no obligation.
Step 3: After our call
If you don’t want further help, there is no step 3. You’re under no obligation to engage me further.
If you do want my assistance and I think I can help, we can agree a scope and a cost for my involvement.