Data protection rights
All citizens should know their data protection rights. In this article we explain, in plain terms, what they are and what they are for.
What is a data protection right?
Data protection rights consist of the principles and rules pertaining to the protection of individuals with regard to the processing of their personal data by third parties.
Personal data is any information that identifies a person or makes that person identifiable; examples of personal data are the DNI, name and surname, address, etc.
The protection of individuals in relation to the processing of personal data is a fundamental right under the Charter of Fundamental Rights of the European Union and the Treaty on the Functioning of the European Union (TFEU), both of which state that everyone has the right to the protection of his or her personal data.
The General Data Protection Regulation (GDPR) 679/2016 regulates the processing of personal data of all citizens of the European Union. Its principles and rules are mandatory for any natural or legal person who processes the personal data of other persons, for example because they are its customers, employees, job applicants, etc.
What are my data protection rights?
Our data protection rights, as set out in the GDPR, are as follows:
Right of Access
We can contact any entity to find out whether it is processing our personal data and, if so, ask it to tell us which of our data it is processing.
Right of Rectification
We may contact any entity that processes our personal information to request that they update it to keep it accurate at all times.
Right of Opposition
We may request that our personal data not be processed in certain circumstances, including profiling.
Right of Deletion (“right to oblivion”)
We may request that whoever processes our personal data delete it.
Right of Limitation
This is our right to ask that processing be limited, either for a period of time or to a specific part of the personal data relating to us.
Right of Portability
We have the right to ask whoever processes our personal data to provide it to us in a structured, commonly used and machine-readable format, and to transmit it to another company of our choice.
Right not to be subject to individualized decisions
We may request not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects or significantly affects us.
Right to complain to the AEPD
If you believe that your exercise of your data protection rights has not been properly addressed, you can complain to the Spanish Data Protection Agency (AEPD), by writing to the address C/ Jorge Juan, 6, 28001 Madrid or at www.aepd.es.
How can I exercise my data protection rights?
To contact an entity that processes our data and request to exercise any of our rights, it is advisable to do so in writing; an email is sufficient, although it can also be sent by mail.
The letter must state the right you wish to exercise and be accompanied by a copy of your ID card, so that the entity can identify you and verify that the request really comes from you, minimizing as far as possible the risk of impersonation.
Any entity has a Privacy Policy on its website, which makes it easier to find an email address to which we can send our request to exercise our rights.
The Privacy Policy will also say how to contact the entity's data protection officer (if it is obliged to designate one), to whom we can address our questions and recommendations and ask for help regarding the processing of our personal data, usually also by e-mail.
Depending on the case, if you have been given a data protection document to sign, this information must be included in it. Take a photo of the document or ask for a copy.
How should they handle my request to exercise my data protection rights?
They are obliged to reply to you within a maximum period of 1 month, although the Regulation urges them to do so as soon as possible.
Exercising your rights is free of charge. However, in cases of unfounded or excessive requests, they may charge a fee proportional to the administrative costs incurred.
The rights can be exercised directly or through a legal representative.
Violations and penalties
If they fail to respond to, or hinder, the exercise of your data protection rights, they could be committing a very serious infringement and could be sanctioned.
It should be remembered that the penalties in this regulation are very high, as they can reach up to 20 million euros.
As published by the AEPD, since the GDPR came into force definitively in 2018:
- 41% of the complaints resulted in sanctions.
- 44% ended in warnings.
- And 15% were filed.
Protocols for handling data protection rights requests
If you have a business, you must have an action protocol for receiving any request to exercise these rights, and also for responding to each of them.
If you need help, at Business Adapter® we are experts in Data Protection and we will take care of this and the rest of the obligations of this regulation.