Sixth Principle - rights of data subjects

"Personal data shall be processed in accordance with the rights of the Data Subject under the Act"

Data controllers should always have in mind the rights of the data subject and relevant procedures should ensure that these rights are not infringed.

The data subject has the following rights:

  • Right of access to personal information known as a Subject Access Request
  • Right to prevent processing for Direct Marketing purposes
  • Right to prevent processing likely to cause substantial damage or distress
  • Rights in relation to automated decision making
  • Right to seek compensation for any damage or distress caused by the failure of a Data Controller to comply with the requirements of the Act, including the unjustifiable failure to comply with a subject access request
  • Right to take action to rectify, block, erase or destroy inaccurate data

It is, therefore, in the best interest of the data controller to ensure that the data subject is fully informed when the data is obtained as to the use and dissemination of their personal data.

There is extensive guidance on the "right of access to personal data", which is the fundamental right exercised most frequently.

Further information on all the rights of individuals can be found by following this link.