ABSTRACT
Chapter 13 deals with the rights of individuals as Data Subjects, which have been greatly improved with GDPR. Organisations are now obliged to tell Data Subjects how their data is going to be used and who it will be shared with at the time they provide the data (or when an organisation starts to use their data for the first time). The “biggest” new right that individuals have under the legislation is the right to obtain a copy of all the personal data that a particular organization collects about them; in some cases, individuals can also ask for their data to be erased, made more accurate or even to stop the data being processed at all. Because this is such a complex area many of the Supervisory Authorities have produced guidance on their websites. GDPR applies to any personal information that relates to an “identifiable person”. ALL companies and organisations who process the personal data of people based in the EU, regardless of where the company is located, are covered by the legislation as are any organisation within the EU who process personal data of individuals outside the EU.
