Your Rights Under the GDPR

Under the GDPR (General Data Protection Regulation), you have seven key rights: access, correction, erasure, restriction of processing, data portability, objection, and the right not to be subject to automated decision-making. These rights give you control over how organizations use your personal data and protect your privacy in the digital world.

Let MijnRecht.AI analyze your situation for free

Analyse my situation

The Short Answer

The GDPR gives you seven fundamental rights over your personal data. You can access the data organizations hold on you, correct errors, and have your data erased. You can also restrict processing, transfer your data to another provider, object to certain processing, and demand that important decisions are not made fully automatically. These rights can be exercised free of charge, and organizations must respond within one month.

What does the law say?

The GDPR has been in force in all EU countries, including the Netherlands, since May 2018. This European law replaces older privacy legislation and gives consumers much more control over their personal data. Organizations that violate the GDPR can be fined up to 20 million euros or 4% of their annual turnover. In the Netherlands, the Dutch Data Protection Authority oversees compliance with these rules.

1Articles 15-22 GDPR: your seven data rights

2Article 12 GDPR: free exercise of rights within one month

3Article 77 GDPR: right to lodge a complaint with the supervisory authority

What to watch out for

Organizations must verify your identity before acting on your request, so have a copy of your ID ready. Note that some rights only apply in certain situations - for example, the right to erasure does not always apply if the organization has a legal obligation to retain the data. Always keep your requests and the organization's responses. If an organization does not respond within a month or unjustly refuses your request, you can file a complaint with the Dutch Data Protection Authority.

1Verify your identity with a copy of your ID document

2Check if the right applies to your specific situation

3Keep all communication with the organization

4File a complaint with the DPA if the organization does not cooperate

Practical Example

Suppose you want to switch banks and ask your new bank to transfer your data from your old bank. Then you are using the right to data portability - your old bank must provide your financial data in a readable format. If you discover that an online store is still sending you marketing emails after you've unsubscribed, you can exercise your right to object. And if an insurer rejects your claim based on a fully automated system, you can demand that a human review your case. In all these cases, the organization must respond to your request within one month.

What can you do?

This is how you exercise your GDPR rights:

1Send a written request to the organization (email is also possible) clearly stating which right you want to exercise

2Include a copy of your ID document and wait up to one month for a response

3File a complaint with the Dutch Data Protection Authority if the organization does not respond or unjustly refuses your request

Conclusion

Your GDPR rights give you powerful tools to maintain control over your personal data. Exercising these rights is free, and organizations must take them seriously, or risk facing hefty fines.

Frequently Asked Questions

Does it cost money to exercise my GDPR rights?

How long does an organization have to respond to my request?

Can I always demand that my data be deleted?

What is the difference between data portability and access?

Can I object to all data processing?

Free analysis

Have a legal question?

Let AI analyse your situation and discover your rights and options instantly.