Appendix 4. GDPR and Individual Rights
The GDPR provides the following eight rights for individuals, individuals have:
1. The right to be informed
They have the right to know, what personal information about them is being collected, how it is being used, how long it will be kept for and whether it will be shared with any other parties,
2. The right of access
They may submit subject access requests (request for personal information the University holds on them), º¬Ðß²ÝÊÓƵ must provide a copy of any personal data it holds within one calendar month of making the request,
3. The right of rectification
If an individual finds that the personal information º¬Ðß²ÝÊÓƵ holds on them is inaccurate or incomplete, they can request that it is updated within one month of making the request,
4. The right to erasure
An individual can request that º¬Ðß²ÝÊÓƵ erases their personal data. For example, when it is no longer necessary for the University to keep it or they have withdrawn their consent for the University to process their personal data.
5. The right to restrict processing
An individual can request that the University limits the way it uses their personal data. For example, in cases where they wish to contest the accuracy of the personal data the University holds about them.
6. The right to data portability
They have the right to obtain and reuse; or have their personal data the University holds on them transmitted in a structured, commonly used and machine-readable format to another data controller, to take advantage of other services.
7. The right to object
Individuals have the right to object to the processing of their personal data. They might disagree with decisions the University has made about its lawful basis for processing their personal data e.g. legitimate interest.
8. Rights related to automated decision making / profiling
They have the right to request human intervention, or to challenge a decision made using an automated individual decision-making process (including profiling).