The General Data Protection Regulation (GDPR) provides a clear set of rights for individuals, known as "data subjects," designed to give them control over their personal data. Whether you are a consumer, employee, or user of online services, it is essential to understand your rights and how to exercise them.
- Right to Information
Under GDPR, any data controller must provide clear and accessible information about how your data is collected and processed. These details must be given at the time of data collection and should include the purpose of processing, the legal basis, data recipients, and retention period.
- Right of Access
Any data subject has the right to request access to the personal data a controller holds about them. This right allows you to obtain a copy of your processed data and details about how it is used and to whom it has been disclosed.
- Right to Rectification
If your personal data is inaccurate or incomplete, you have the right to request its correction. The controller must make the necessary updates within a reasonable timeframe and inform you about the changes.
- Right to Erasure ("Right to Be Forgotten")
In certain circumstances, you have the right to request the deletion of your personal data, particularly if it is no longer necessary for the purpose for which it was collected, if you withdraw consent, or if the data has been processed unlawfully.
- The right to restriction of processing
If you have doubts about the accuracy of your data or the legality of its processing, you can request that its processing be restricted. In such cases, the controller can only store the data without using it for other purposes until the issue is resolved.
- Right to Data Portability
This right allows you to receive your personal data in a structured, commonly used format so that you can transfer it to another data controller. It is particularly useful when switching digital service providers, banks, or telecommunications companies.
- The right to object
You can object to the processing of your personal data in certain situations, especially when processing is based on legitimate interest or is used for direct marketing purposes. The controller must stop processing your data unless they can demonstrate compelling legitimate grounds that override your rights.
- Right Not to Be Subject to Automated Decision-Making, Including Profiling
If a decision that significantly affects you is made solely through automated processing (without human intervention), you have the right to request human involvement and express your point of view regarding the decision.
- Right to Lodge a Complaint with the Supervisory Authority
If you believe your data is being processed unlawfully, you can file a complaint with the National Authority for the Supervision of Personal Data Processing (ANSPDCP) or another competent authority within the EU.
- Right to Compensation
If you suffer damage due to the unlawful processing of your data, you have the right to seek compensation through legal proceedings.
Conclusion
Personal data protection is a fundamental right, and GDPR provides essential tools to ensure transparency and security in data processing. If you need further clarification or legal assistance regarding data protection, do not hesitate to consult a lawyer specializing in GDPR.
Ensuring compliance with these rights is crucial both for data subjects and for data controllers, who must adhere to GDPR standards to avoid penalties and legal disputes.
EN 
RO