Digitise \ Capture \ Integrate

020 7732 3223

What Rights Do Individuals Have Over Their Personal Data?

Contact the Digital Transformation Experts

Ready to start your digital transformation journey? Contact Dajon today for a free no-obligation consultation!

Contact Us

Another common question we hear is: what rights do individuals actually have over their personal data?

It’s a great question—and an important one. In an age where almost every aspect of our lives is digitised, from online shopping to banking to healthcare, personal data has become one of our most valuable assets. That’s why the UK GDPR (General Data Protection Regulation) provides individuals with a set of eight key rights. These rights ensure that people stay in control of their data, and that organisations handle it responsibly.

Let’s break them down, one by one.

1. The Right to Be Informed

Transparency is at the heart of data protection. Individuals must be told how their data will be collected, used, stored, and shared.

For example, when you shop online, the retailer’s privacy notice should clearly state why your email address is collected—whether that’s for sending order confirmations, delivery updates, or future marketing. If the explanation isn’t clear, that’s a red flag.

This right makes sure that there are no hidden surprises. People deserve to know what’s happening with their data from the very start.

2. The Right of Access

Individuals have the right to see what information an organisation holds about them.

Take an employee, for example. They can request a copy of all HR records their employer stores—performance reviews, payroll details, training records, and more. This is known as a Subject Access Request (SAR), and every organisation must be ready to handle it.

For individuals, this right provides clarity. For organisations, it requires strong record-keeping and robust processes.

3. The Right to Rectification

Mistakes happen. But when it comes to personal data, mistakes can cause real problems.

That’s why individuals have the right to have inaccurate or incomplete data corrected. For example, a bank customer who notices that their account lists the wrong home address can request an immediate update.

Accurate data benefits everyone: it reduces risks for individuals and helps organisations maintain trust.

4. The Right to Erasure (The “Right to Be Forgotten”)

Sometimes people simply want their data deleted—and under certain circumstances, they’re entitled to ask.

Imagine someone who deletes their social media account. They can also request that the platform permanently removes all associated personal data, ensuring that nothing lingers in the background.

This right is especially important when data is no longer necessary for the purpose it was collected, or if someone withdraws consent.

5. The Right to Restrict Processing

There are situations where people don’t necessarily want their data erased, but they do want to limit how it’s used.

For instance, if someone disputes the accuracy of their credit record, they can ask the credit agency to pause processing that data until the issue is resolved.

This right acts as a “pause button” that gives individuals more control while organisations investigate or review.

6. The Right to Data Portability

Switching providers shouldn’t mean losing your data. That’s why individuals have the right to move their information from one service to another.

Take a mobile phone customer. They can ask their network provider to transfer their call history and usage data directly to a new provider, making the transition seamless.

This right not only empowers consumers, but also promotes fair competition between businesses.

7. The Right to Object

People have the power to stop certain types of data processing—particularly when it comes to direct marketing.

For example, if a customer no longer wants promotional emails, they can unsubscribe and request that the company stop sending them altogether.

Organisations must respect this immediately. Ignoring it isn’t just bad practice—it’s a breach of the law.

As more organisations use AI and algorithms to make decisions, this right is becoming increasingly significant.

Imagine someone applies for a loan and is rejected by an automated system. Under GDPR, they can ask for the decision to be reviewed by a human, rather than leaving their financial future entirely in the hands of a machine.

This protects individuals from unfair treatment and ensures accountability in an automated world.

Why These Rights Matter

Data rights aren’t optional. They’re a fundamental part of how modern organisations must operate. Respecting these rights builds trust, protects individuals, and helps businesses avoid serious reputational and legal risks.

For individuals, knowing these rights is empowering. For organisations, embedding them into everyday practice is essential.

At Dajon Data Management, we believe that strong data governance isn’t just about compliance, it’s about responsibility.

Related posts

Empowering Sustainable Business Practices: The Role of Data Integration in ESG Success
Data Controller vs. Data Processor: Untangling One of GDPR’s Most Important Distinctions
The Role of Unstructured Data in Digital Transformation
Enhance Data Security with Offsite Tape Storage and Vaulting
Empowering ESG Goals through Digital Transformation: How Dajon Drives Sustainability Social Responsibility and Governance