Your Rights under the GDPR

Data protection is a fundamental right set out in Article 8 of the EU Charter of Fundamental Rights, which states;

  1. Everyone has the right to the protection of personal data concerning him or her.
  2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned, or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
  3. Compliance with these rules shall be subject to control by an independent authority.

This means that every individual is entitled to have their personal information protected, used in a fair and legal way, and made available to them when they ask for a copy. If an individual feels that their personal information is wrong, they are entitled to ask for that information to be corrected.

In order to process personal data, organisations must have a lawful reason. The lawful reasons for processing personal data are set out in Article 6 of the GDPR. The six lawful reasons for processing personal data are:

  1. Consent.
  2. To carry out a contract.
  3. In order for an organisation to meet a legal obligation.
  4. Where processing the personal data is necessary to protect the vital interests of a person.
  5. Where processing the personal data is necessary for the performance of a task carried out in the public interest.
  6. In the legitimate interests of a company/organisation (except where those interests contradict or harm the interests or rights and freedoms of the individual).

Any one of the six reasons given above can provide a legal reason for processing personal data.

The tabs at the side of this page will take you to more detailed information about:

  • your individual rights under data protection;
  • how to exercise those rights for yourself; and
  • how to raise a concern with the Data Protection Commission in cases where you feel your rights are not being respected.

It is important to remember that most organisations take data protection very seriously, and the majority of issues are resolved without ever needing to be lodged as a complaint with the DPC. The information on the following pages is designed to help you to exercise your individual rights and secure a speedy and satisfactory solution, while also explaining how to lodge a complaint in cases where that has been unsuccessful.