0345 200 1185
Work for Daffodil   |   Client Area
Daffodil IT Support Sheffield
GDPR the right of individualsBusiness Continuity 

GDPR – Part 2: The Rights of the Individual Explained

What is Personal Data?

The GDPR applies to personal data of individuals residing in the EU or EU nationals working outside the EU. This is any information that can directly or indirectly identify an actual person, and can be in any format. In addition, the Regulation places much stronger controls on the processing of special categories of personal data.

Personal Data Special categories of Personal Data


Email address


IP address

Location data

Online behaviour (cookies)

Profiling and analytics data



Political opinions

Trade union membership

Sexual orientation

Health information

Biometric data

Genetic data


The Rights of the Individual

The GDPR provides the following rights for individuals:

The right to be informed: The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice. It emphasises the need for transparency over how you use personal data

The right of access: Individuals have the right to access their personal data and supplementary information such as how their data is being processed. Information must be provided free of charge and at the latest within one month of receipt.

The right to rectification:  The GDPR gives individuals the right to have personal data rectified if it is inaccurate or incomplete.

The right to erase:  To enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.

The right to restrict processing: Individuals have a right to ‘block’ or suppress further processing of personal data. When processing is restricted, you are only permitted to use just enough information to identify the user’s preference that none of their data should continue to be processed. You are further permitted to store any existing personal data you hold on the user as long as you do not use it further.

The right to data portability: Users’ right to request a copy of personal data in a format usable by them and electronically transmissible to another processing system.

The right to object: Individuals have the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling), direct marketing and processing for purposes of scientific/historical research and statistics.

Rights in relation to automated decision making and profiling: Automated decision-making can only be used where the decision is necessary for the entry into or performance of a contract; authorised by Union or Member state law applicable to the controller; or based on the individual’s explicit consent.


Find out more in our GDPR series: Part 1: The Basics of GDPR & Part 3: Preparing your business for GDPR

Please follow and like us:

Related posts

Leave a Comment

Contact Us

Daffodil IT Headquarters
Unit 2 Acres Hill Business Park
Acres Hill Lane
South Yorkshire, S9 4LR

T: 0345 200 1185
E: info@daffodil-it.co.uk

    Copyright © 2016 Daffodil IT Ltd
    Company No: 8567514
    Design & Hosting: Daffodil IT

Bespoke IT Services for Small to Medium Businesses