Q: What personal information can I ask for?

As a data subject (that’s how you are referred to), GDPR presents you with 8 rights to which you can make a specific request and be assured that your personal data is not being misused for purposes other than the legitimate purpose for which it was originally provided by you to the entity.

A data subject is referred to as an individual:

♀ ♂ Candidate
♀ ♂ Client
♀ ♂ Commuter
♀ ♂ Consumer
♀ ♂ Contractor
♀ ♂ Creditor
♀ ♂ Customer
♀ ♂ Debtor
♀ ♂ Employee
♀ ♂ End User
♀ ♂ Guest
♀ ♂ Individual
♀ ♂ Job Applicant
♀ ♂ Patron
♀ ♂ Prospect
♀ ♂ Purchaser
♀ ♂ Representative
♀ ♂ Tenant
♀ ♂ Tourist
♀ ♂ Vacationer
♀ ♂ Vendor
♀ ♂ Visitor

A data subject has 8 legal rights of request, including:

1: Right to Object:  The right to object to the processing of ♀ or ♂ personal data.

2: Right to be Forgotten: The right to ask for the deletion of ♀ or ♂ data, also referred to as the “right to erasure”.

3: Right to Access: The right to get access to ♀ or ♂ personal data that is being processed.

4: Right to Withdraw Consent: The right to withdraw a previously given consent for processing of ♀ or ♂ personal data for a purpose.

5: Right to Object to Automated Processing: The right to object to a decision based on automated processing including Machine Learning and Artificial Intelligence of ♀ or ♂ personal data.

6: Right to Rectification: The right to ask for modifications to ♀ or ♂ personal data in case the data subject believes that this personal data is not up to date or accurate.

7: Right to Data Portability: The right to ask for the transfer of ♀ or ♂ personal data in a machine-readable electronic format.

8: Right to Information: The right to ask a company for information about what ♀ or ♂ personal data is being processed and the reasoning for such processing.

This right given to you by GDPR is referred to as DSAR (Data Subject Access Request).

A DSAR can be made by an individual or an individual’s appointed representative. Such requests are made in writing and mailed to the entities registered GDPR Postal address and/or via Email.

Important to note that the violating entity must have a registered address within the EU to receive GDPR mail (irrelevant if the request is sent by post or via email).

question sent in by Angela.S from Greece