CIPP/US Study Guide
Chapter 14: The GDPR and International Privacy Issues

Rights to Be Informed, Access, and Rectification

The right to be informed drives privacy notices (layered, just-in-time, dashboards). The right of access underlies the subject access request and is the gateway to other rights. The right to rectification lets individuals have inaccurate data corrected or incomplete data completed.

The right to be informed requires controllers to provide processing information, in the form of a privacy notice, when they collect data. Where data is not collected directly from the data subject, the data subject must also be told details such as the source. Notice forms include a layered approach, just-in-time notices, and privacy dashboards.

The right of access lets data subjects obtain confirmation of processing, a copy of their data, and information that should already be in a privacy notice. This is the subject access request, and it is often the gateway to exercising other rights because it reveals the what, why, and how of processing.

The right to rectification supplements the accuracy principle, letting data subjects have inaccurate data corrected and incomplete data completed (via a supplementary statement).

Key terms - quick answers

What is “Privacy notice”?
Information a controller must provide to data subjects about how it processes their personal data.
What is “Subject access request”?
A data subject's exercise of the right of access to obtain confirmation, a copy of their data, and related processing information.
What is “Right to rectification”?
The right to have inaccurate personal data corrected and incomplete data completed.