- The right to be informed – Data subjects are entitled to know why you’re processing their data.
- The right of access – Controllers must grant data subjects access to their personal data.
- The right to rectification- Data subjects may require controllers to rectify any errors in their personal data.
- The right to erasure – Data subjects may require controllers to delete their personal data if the controller can’t justify a purpose for keeping those data.
- The right to restrict processing – In cases where controllers are not required to delete data subjects’ data, data subjects may limit the purposes for which the controller can process those data.
- The right to data portability- Data subjects may transfer their personal data between controllers.
- The right to object- Data subjects may object to the processing of their data, even where such processing is either “in the public interest” or “for legitimate interests.”