What are the rights of a data subject?

The General Data Protection Regulation assigns a number of rights to data subjects. These rights can be invoked vis-à-vis the data controller. When a data subject successfully invokes one of her rights, this often means that the organisation processing her data has violated the GDPR on another point, because most rights of data subjects correlate with the duties of data controllers. Consequently, in general, data subject rights do not add any substantive data protection requirement, but merely give tools to data subjects to mandate that data controllers indeed respect the obligations discussed in Chapter 3 and 4. It is important to stress that although data subjects can remedy GDPR violations by invoking their rights, data protection authorities can sanction those violations independent of any data subject right being invoked. Thus, although journalists, policy makers and laymen often emphasise the role of data subject rights, they in fact are peripheral to the EU data protection framework (for an overview, please check the table on the next page).