Skip to content

Appendix B: Relevant GDPR articles

Data subject's rights

Number Article Summary
15 Right to access A data subject can, at any time, request that you provide them in a common, easily understood format, all the personal data that you have about them.
16 Right to rectification You must provide individuals a way to correct any personal data you have on them that may be wrong.
17 Right to erasure Essentially the right to be forgotten—you must remove all personal data held on a data subject. See also Article 19.
18 Right to restriction of processing A data subject has the right to request that you stop processing their personal data. You can keep it as long as you have a good reason to, but you cannot use it for anything.
19 Right to notification If you update, delete, or stop processing any of a data subject's personal data, you must notify anyone else you may have shared this data with so they can do the same.
20 Right to data portability A data subject can request that you provide their personal data to another organisation on their behalf.

Data privacy and security

Number Article Summary
25 Data protection by design and by default Whenever you're building something that may come into contact with personal data, default to the necessary precautions and safeguards from the very first iteration.
32 Security of processing Organisations must take measures to ensure that personal data being collected is handled and stored securely. From an access and governance perspective, this means putting in place different roles with different levels of access to personal data.
46 Transfers subject to appropriate safeguards Part of the section about the transfer of personal data undergoing processing or intended for processing after transfer to a third country or international organisation.