Rights & Requests
From access requests to the right to erasure: everything about data subject rights and how to respond correctly.
How to Set Up a Data Subject Request Process arrow_forward
A step-by-step guide to building a reliable process for handling GDPR data subject requests. From designating a contact point to documenting every step, this article covers everything an SME needs to handle requests correctly and on time.
GDPR Data Subject Rights: The Complete Guide for Business Owners arrow_forward
The GDPR gives individuals 8 rights over their personal data. As a business owner, you must handle these requests correctly, within one month, free of charge, and well documented. This guide explains each right and what you need to do.
Data Subject Request Mistakes That Cost SMEs Fines arrow_forward
Six common mistakes SMEs make when handling data subject requests, with real enforcement examples and practical advice on how to avoid them. From ignoring requests to panic-deleting data.
Automated Decision-Making and Profiling: What Are the Rules? arrow_forward
Article 22 GDPR gives individuals the right not to be subject to decisions based solely on automated processing. This article explains when the rules apply, the exceptions, and what your business needs to do in practice.
Right to Object: When Customers Say Stop arrow_forward
A customer objects to how you process their data. Depending on the type of objection, you may have to stop immediately or you may be able to refuse. This article explains the two types of objection, when each applies, and what to do step by step.
Right to Data Portability: What You Need to Provide arrow_forward
A customer wants their data in a format they can take to another provider. This is a data portability request. This article explains what data to include, what format to use, and how to handle it step by step.
Right to Restriction of Processing: When and How arrow_forward
A customer says 'stop using my data while we sort this out.' This article explains step by step how to handle a restriction request under the GDPR, including the four legal grounds and practical implementation.
Right to Rectification: Correcting Personal Data arrow_forward
A customer or employee says their data is wrong and wants it fixed. This article explains step by step how to handle a rectification request under the GDPR, from verifying the correction to informing recipients.
Access Request Received - What Now? Step by Step arrow_forward
A customer or employee wants to know what personal data you hold about them. That is an access request. This article explains step by step how to respond correctly, from identity verification to providing the data.
Refusing a Data Subject Request - When Is It Allowed? arrow_forward
Not every data subject request needs to be granted. But you may only refuse if you have a valid reason. This article explains when refusal is allowed and how to communicate it correctly.
Right to Erasure: When Must You Delete Data? arrow_forward
A customer asks you to erase their data. Do you always have to comply? The right to erasure has limits. This article explains when you must delete and when you may refuse.