top of page

Data control under GDPR: User rights

Updated: Feb 8

 Sumeyye from VF is the author of the article titled as :"Data control under GDPR user rights

Date of publication: 22/07/2023

Have you ever thought about where the data you use on the internet go? The personal data you use is so valuable that there is even a legal regulation just to store and protect them. How can you prevent this if someone posts false or inaccurate information about you? The answer to all of these is hidden in the GDPR law. So let’s take a look at this law and what its details are.

woman performing data control using technology

Actually, knowing the rights we have as users is an important element for data security. The GDPR is a set of data protection rules that became effective in the EU on May 25, 2018. However, we need to define some terms first, for example, “Data Controller”. A data controller is an entity or person who determines the purposes and means of processing personal data. In fact, they have the overall responsibility to ensure that personal data is processed lawfully, fairly, and transparently. Therefore, they have a very important place in the processing of personal data.

Data Controller Responsibilities under GDPR

1. Legal Basis and Consent

Data controllers require a legal basis for processing personal data, including consent, necessity, obligation, interests, or duty. They should also seek explicit consent from individuals when necessary.

2. Transparency

Data controllers must provide clear information about personal data processing, including purposes, legal basis, retention, and rights.

3. Data Minimization

Controllers should collect and process only personal data necessary for the stated purposes. They should avoid excessive or unnecessary data collection.

4. Data Security

Controllers should implement appropriate technical and organizational measures. This way, they protect personal data from unauthorized access, disclosure, alteration, or destruction.

5. Data Subject Rights

Data controllers must respect data subjects' rights, including access, rectification, deletion, restriction, data portability, and objection.

Threats and Dangers

While GDPR strengthens the protection of personal data, there are still potential threats and dangers that data controllers should be aware of; here are a few of them:

1. Data Breach

Inadequate security measures can potentially lead to data breaches resulting in unauthorized access or disclosure of personal data. Data controllers should have robust security measures to mitigate this risk. So, to avoid this, powerful cybersecurity software can be used.

2. Non-compliance

Non-compliance with the GDPR can result in significant fines and penalties. Data controllers must ensure they have appropriate procedures and practices to comply with GDPR requirements. Otherwise, they may have to pay penalties or compensation.

3. Reputation Damage

Misuse of personal data or experiencing a data breach can damage a data controller's reputation. This can lead to a loss of trust from customers, partners, and the public.

keyboard is to be used with caution due to data control

User Rights and Compensation

Under the GDPR, individuals have various rights regarding their personal data. These rights include:

1. Right of Access

Individuals can request access to their personal data held by data controllers and receive information on how they are processed.

2. Right to Rectification

In case of inaccurate or incomplete personal data, individuals have the right to request their correction.

3. Right to Deletion

Also known as the “right to be forgotten”, individuals may request the deletion of their personal data in certain situations.

4. Right to Restriction of Processing

Individuals may request the restriction of the processing of their personal data in certain cases, such as objecting to the accuracy of their personal data.

5. Right to Data Portability

Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and transfer it to another data controller.

6. Right of Objection

Individuals may object to the processing of their personal data, including profiling, in certain circumstances.

Regarding compensation, individuals can claim compensation for damages suffered as a result of a data controller's non-compliance with GDPR. Compensation claims can be made for both material and moral damages, such as financial loss, reputational damage, or emotional distress. Therefore, individuals can address their claims for compensation directly to the data controller or take legal action. This can be done through the relevant judicial authorities or data protection supervisory bodies.


Data controllers play a very important role in ensuring compliance with the GDPR and protecting the rights of individuals regarding their personal data. What’s more, data controllers can navigate the GDPR landscape effectively by understanding their responsibilities, potential threats, and data subjects' rights. Therefore, it is essential that data controllers prioritize data security, transparency, and adherence to GDPR principles. This way, they maintain trust, avoid penalties and protect the privacy of individuals' personal data.


You can also read about:


Reference List

26 views0 comments


bottom of page