Personal Legal Services

What Are The 8 User Rights Under The GDPR?

What Are The 8 User Rights Under The GDPR?

With the new and updated GDPR regulations having only been introduced to the EU in 2018 many are still very uncertain on their rights. Whilst individuals are becoming increasingly aware and protective over their privacy and handling of their personal data, we are also living in a world where sharing to social media and checking in online is very much the norm. So, what exactly are our rights?

Continue reading to find out the 8 basic rights regarding personal data and data privacy.

The right to be informed
Organisations must create easy-to-read policies that provide explicit details on exactly which data will be stored on an individual and consent must then be given from the individual in order on them to store it.

The right to access
The right to access gives individuals the right to requests a copy of their personal data stored by an organisation. This can be requested verbally or in writing. Individuals may also ask about how their data is used, processed, stored or transferred to other organisations. Businesses must provide a digital copy of the data stored free of charge if requested.

• The right to rectification
Users can request that you update, complete, or correct their personal data. The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. An individual can make a request for rectification verbally or in writing and an organisation has a month to respond to this.

• The right to erasure
The right to be forgotten grants users the right to have their personal data erased by an organisation if they are no longer customers. Terms apply to their right, full terms as to when the right to be forgotten applies can be found here. 

The right to restrict processing
Article 18 of the GDPR gives individuals the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data.

• The right to data portability
A data subject has the right to move, copy, or transfer personal data from one data controller to another, in a safe and secure way, in a commonly used and machine-readable format. Wherever technically possible, this also includes the right to have the data transferred directly from one controller to another without the data subject having to handle the data.

• The right to object
A data subject has the right to object to being subject to public authorities or companies processing their data without explicit consent. Individuals also have the right to object to the storing and processing of their data if it is for direct marketing purposes.

• Rights in relation to automated decision making and profiling
The eighth and final right offered by the GDPR is the right to avoid automated decision making in regards to personal data. Therefore, individuals have the right not to be subject to a decision solely based on the data about them available.

As with all areas of law, terms do apply. Therefore, we advise reading the GDPR law in full on their website .

If you suspect that you have been the victim of a data breach incident, please get in touch today.



My Housing Association have ignored the problems in my property for years. When Angelus Law got involved they ended up getting all the problems fixed for free and I received thousands in compensation.

Alan Peters

When I moved into my house 4 years ago, it turns out my landlord didn’t protect my deposit until 2 months after I had moved in. Angelus Law recovered 3 times the amount of the deposit as compensation for me.

Julie Owens

I thought I had lost every chance of a happy retirement when my SIPP collapsed. My Financial Advisor had told me my money would be safe. Angelus recovered my full investment plus interest.

Marc Lyons