Data Subject Rights are legal entitlements granted to individuals concerning their personal information held by organizations. These rights enable individuals to exercise control over their data, including access, correction, deletion, and portability. The specific rights and their scope vary depending on applicable privacy regulations.
Data Subject Rights
Regulatory Definitions
- GDPR (Articles 12-22): Data subjects have the right to access (Art. 15), rectify (Art. 16), erase (Art. 17), restrict processing (Art. 18), data portability (Art. 20), object (Art. 21), and rights related to automated decision-making and profiling (Art. 22). Organizations must respond to requests within 30 days.
- CCPA/CPRA (Cal. Civ. Code §1798.100-1798.120): California consumers have the right to know what personal information is collected (§1798.100), delete personal information (§1798.105), correct inaccurate information (§1798.106), opt-out of sale or sharing (§1798.120), and receive non-discrimination for exercising rights (§1798.125). CPRA expanded these rights and introduced the right to limit use of sensitive personal information.
- FERPA (20 U.S.C. §1232g): Students and eligible parents have the right to inspect and review education records, request amendments to records, and receive notice of disclosures. FERPA does not use the term "data subject rights" but establishes similar individual rights over educational records.