ABSTRACT
Background Recital 50 states that where the data subject has given consent or the processing is based on EU or member state law that constitutes a necessary and proportionate measure in a democratic society to safeguard, in particular, important objectives of general public interest, the controller should be allowed to further process the personal data irrespective of the compatibility of the purposes. Background Recital 65 states that a data subject should have the right to have personal data concerning them rectified and a “right to be forgotten” where the retention of such data infringes this GDPR or EU or member state law to which the controller is subject. In the context of the use of information society services, and notwithstanding the ePrivacy Directive, the individual data subject may exercise their right to object by automated means using technical specifications. Organizations need to assess and implement procedures for the right to object by individual data subjects.
