8 new rights to guarantee to European residents 3/3

gdpr new rules for europeens

Last December, Matthieu Blanc – Ex – VP Product for Zeenea – asked himself: “How will the GDPR change the Big Data world?” In this series of articles, we focus on the legal aspects explained during his conference at XebiCon’17.

One of the main objectives of the GDPR is to strengthen the rights of individuals.

European residents have 8 new rights:

1) Right to be informed (Art 13 & 14)

When data is collected from a physical person, several pieces of information must be communicated to them. These include the purpose of the treatment or the rights the enterprise has relative to them. It is important that privacy and data protection policies are easily accessible and updated. A link to the privacy policy must be provided whenever data is collected from registration forms online for example.

2) Right of access (Art 15)

Exercising your right of access allows you to check the accuracy of your data and, if necessary, have it corrected or erased. For example, you can request your information to the person in charge of your file, and they are obligated to give you all of the information they have on you.

3) Right of rectification (Art 16)

The right of rectification completes the right of access. A person may request that their inaccurate data are rectified, or incomplete to be completed. It prevents an organization from processing or spreading false information about you.

4) Right to data portability (Art 20)

This is a new right. The right to portability gives people the ability to retrieve some of their data in an open, readable format. They can store or transmit them easily from one information system to another, for reuse for their personal purposes. This may be the case with telecom operators for example.

5) Right to object (Art 21)

Anyone has the opportunity to object, for legitimate reasons, to a file. They may also refuse, without having to justify themselves, that their data be used for commercial prospecting purposes.

6) Right to erasure - right to be forgotten (Art 17)

A person has the right to demand, as soon as possible, the deletion of their data, when:

  • the person has withdrawn consent to the treatment,
  • the person objects to the treatment,
  • their data are no longer necessary for the purposes of the treatment,
  • their data has been subject to unlawful processing,
  • their data must be erased under legal obligation, except in certain cases.

If the person responsible makes their data public, he or she will have to inform the other data regulators who process it that the data must be erased and not reproduced.

7) Right to restriction of processing (Art 18)

A person has the right to obtain the limitation of processing when they have objected to it, when they dispute the accuracy of the data, when their treatment is unlawful, or when they need it for finding, exercising or defending their rights in court.

8) Automated individual decision-making, including profiling (Art 22)

A person has the right not to be the subject of a decision based exclusively on automated processing, including profiling, producing legal effects concerning or affecting them, except where that decision is necessary for the conclusion or performance of a contract, is lawfully authorized, or is based on their consent.


A few months into the GDPR’s implementation, companies are still trying to understand the organizational and technical measures to put in place around their Big Data. Come find the answers to your questions and sweep together the actions to be taken to bring the regulation into compliance.

Leave a Reply

Your email address will not be published. Required fields are marked *