The GDPR and citizens' data rights: what's new, what's changed and what stays the same?

The new General Data Protection Regulation (GDPR) comes into force on May 25th, 2018. For many EU citizens the new data protection regulation causes confusion and uncertainty as to what rights they will be able to excercise in the future. This article provides a quick overview as to what will be important to know for citizens concerning their data rights. 

Overall and under the GDPR, citizens have the right to:

  • obtain information about the processing of their personal data;
  • obtain access to the personal data held about them;
  • ask for incorrect, inaccurate or incomplete personal data to be corrected;
  • request that personal data be erased when it’s no longer needed or if processing it is unlawful;
  • object to the processing of their personal data for marketing purposes or on grounds relating to their particular situation;
  • request the restriction of the processing of their personal data in specific cases;
  • receive their personal data in a machine-readable format and send it to another controller (‘data portability’);
  • request that decisions based on automated processing concerning citizens or significantly affecting citizens and based on their personal data are made by natural persons, not only by computers. Citizens also have the right in this case to express their point of view and to contest the decision.

The GDPR also provides a legal basis for the future implementation of the once-only principle. The regulation stipulates more transparent e-services as citizens can obtain access to their personal data at any point it is held by a public administration. Citizens can also correct any data mistakes which leads to more efficient service deliveries. The new regulation also allows for better data portability which concerns the exchange or transfer of data between data controllers. These aspects provide a legal basis for the once-only principle as it addresses the use, storage, adjustment and portability of data when citizens get in contact with public authorities.

Now and in the future once-only solutions will reduce the administrative burden for citizens as well as companies while adhering to all data protection rules provided by the new GDPR. 

For more information: