Rights of data subjects
Acces, rectification, erasure, restriction of processingData subjects also have the right of access to personal data which have been collected in order to verify the lawfulness of the processing. This includes the right for data subjects to have access to data concerning their health, for example the data in their medical records. If the data is inaccurate, the data subject has the right to rectification thereof and in certain cases the right to erasure of the data (also referred to as the right to be forgotten) or the right to restriction of processing. In case of rectification, erasure or restriction, the controller needs to notify any recipient to whom the personal data have been disclosed. For example, if it turns out that some of Anna’s data in her hospital medical record is inaccurate, the hospital needs to notify the parties this data has been shared with, such as her GP.
Data portabilityIf Anna wants to change physicians, she has the right to receive her data from her current one and transmit it to the new one. This is called the right to data portability. If the legal basis for processing personal data is carried out in the public interest, in exercise of official authority, is necessary for a legitimate interest or if personal data are processed for direct marketing purposes, Anna also has the right to object to the processing. A final interesting right for data subjects is the right not to be subject to automated decision-making, including profiling. Automated means, without the interference of a human being. Profiling is the use of personal characteristics or behaviour patterns to make generalisations about a person, for example the targeted advertisments Anna received were due to tracking her online behaviour patterns. When data brokers have enough patterns about a person, a profile can be made which tells a lot about a person.If these rights of data subjects are infringed, they have the right to lodge a complaint with a supervisory authority (Article 77) or the right to an effective legal remedy against a controller or processor before a national court (Article 79).In this step you learned more on the rights of data subjects. Which of these rights do you think help protect a data subject, such as Anna or yourself, best? And why? Please discuss this with other learners on the discussion board.
Protecting Health Data in the Modern Age: Getting to Grips with the GDPR
Our purpose is to transform access to education.
We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.
We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.