6. Description of How Data Subjects Can Exercise Their Data Subject Rights
The aim here is to ensure data subjects have a way to exercise their personal data rights. Data subjects should be able to exert control – as much as appropriate – on how their data is being processed. This control should be addressed by implementing a protocol that will describe how to respond to data subject’s request to exercise their rights.
Before data subjects can competently exercise their rights, they must be appropriately informed. Informed data subjects will be able to exercise their right of access, rectification and erasure of their personal data, the right to restrict its processing, to object, to data portability and rights in relation to automated decision making and profiling. Whereas not all rights apply equally to all lawful basis for processing, you should describe here how do you plan to respond (to facilitate and comply) to data subjects data request – for example, if they want to access, rectify and/or erase their personal data that your project is processing. In some cases, like in small surveys, it is enough to provide data subjects with the project contact information to directly address their requests in a case-by-case basis. For larger projects, it may be best to organize beforehand a proper protocol to respond in a timely and properly manner to data subjects’ requests.
Previous: Description of Information Provided to Data Subjects | Next: Description of Lawful Basis for Processing
- Description of the Project’s Purpose
- Description of Data Subjects
- Description of the Categories and Purposes of Personal Data
- Description of the Processing of Personal Data
- Description of Information Provided to Data Subjects
- Description of How Data Subjects Can Exercise Their Data Subject Rights
- Description of Lawful Basis for Processing
- Description of Measures to Ensure Compliance By Processors and/or Joint Controllers
- Description of Planned Transfers of Personal Data to Other Countries Outside the EU
- Obtaining, Consulting, and Dealing with Data Subjects’ Views of the Processing
- Preliminary Risk Assessment