My favourites

Chapter III – Rights of the data subject (Art.12-23)

Art. 12 GDPR - Transparent information, communication and modalities for the exercise of the rights of the data subject arrow_right_alt

Art. 13 GDPR - Information to be provided where personal data are collected from the data subject arrow_right_alt

Art. 14 GDPR - Information to be provided where personal data have not been obtained from the data subject arrow_right_alt

Art. 15 GDPR - Right of access by the data subject arrow_right_alt

Art. 16 GDPR - Right to rectification arrow_right_alt

Art. 17 GDPR - Right to erasure ('right to be forgotten') arrow_right_alt

Art. 18 GDPR - Right to restriction of processing arrow_right_alt

Art. 19 GDPR - Notification obligation regarding rectification or erasure of personal data or restriction of processing arrow_right_alt

Art. 20 GDPR - Right to data portability arrow_right_alt

  1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
    1. the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
    2. the processing is carried out by automated means.
  2. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
  3. The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  4. The right referred to in paragraph 1 shall not adversely affect the rights and freedoms of others.
Related
Close tabsclose
  • 68

Recital 68

To further strengthen the control over his or her own data, where the processing of personal data is carried out by automated means, the data subject should also be allowed to receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller. Data controllers should be encouraged to develop interoperable formats that enable data portability. That right should apply where the data subject provided the personal data on the basis of his or her consent or the processing is necessary for the performance of a contract. It should not apply where processing is based on a legal ground other than consent or contract. By its very nature, that right should not be exercised against controllers processing personal data in the exercise of their public duties. It should therefore not apply where the processing of the personal data is necessary for compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the controller. The data subject’s right to transmit or receive personal data concerning him or her should not create an obligation for the controllers to adopt or maintain processing systems which are technically compatible. Where, in a certain set of personal data, more than one data subject is concerned, the right to receive the personal data should be without prejudice to the rights and freedoms of other data subjects in accordance with this Regulation. Furthermore, that right should not prejudice the right of the data subject to obtain the erasure of personal data and the limitations of that right as set out in this Regulation and should, in particular, not imply the erasure of personal data concerning the data subject which have been provided by him or her for the performance of a contract to the extent that and for as long as the personal data are necessary for the performance of that contract. Where technically feasible, the data subject should have the right to have the personal data transmitted directly from one controller to another.

Art. 21 GDPR - Right to object arrow_right_alt

Art. 22 GDPR - Automated individual decision-making, including profiling arrow_right_alt

Art. 23 GDPR - Restrictions arrow_right_alt