Every company in the EU is required by law to grant access to your personal data, the ability to have it corrected or even deleted and more. Here at datarequests.org, we want to help you exercise these rights.
What are my rights?#
With the introduction of the General Data Protection Regulation (GDPR), data protection law was harmonised throughout the EU. Since then, every company in the EU (or even outside the EU if they offer their services to EU citizens) has to grant you the following rights (among others):
- Right of access
You have a right to know what data a company has stored on you. In addition, you can, for example, ask what the purpose for storing the data was or which source it was obtained from. If the company employs scoring, they have to tell you your score and explain in detail how it is calculated.
- Right to rectification
If a company is storing incorrect information on you, they have to correct it immediately upon receiving a notice from you.
- Right to be forgotten
As soon as the data a company has stored about you is no longer necessary for the purpose for which it was collected, you can demand they delete this data. If the data was passed on to third companies, they must even be informed about your deletion request.
- Right to object
Even if you have given your consent to the use of your data at some point, you may revoke it at any time. The company cannot make the revocation of consent more difficult than the original approval.
- Right to data portability
The information you provide to a company is yours. You have the right to receive this information from them in a common machine-readable format so that you can easily transfer it to another company.
You can find an even more detailed overview in our article about your rights under the GDPR.
How can I exercise these rights?#
To exercise these rights, you can simply submit an informal application to the respective company. Companies are required by law to make this process as simple as possible.
If a company has a data protection officer, it always makes sense to contact them directly. A data protection officer not only has to be specially trained in data protection issues, but is also subject to confidentiality obligations with regard to incoming inquiries.
How do you plan on helping me regarding these issues?#
Our goal with datarequests.org is to offer you a platform that simplifies exercising all of these rights for you.
We maintain a company database where you can find contact details for numerous companies and other organisations. If a company has a dedicated data protection office, we will mention this in the database so that you can contact them directly.
In addition, we offer a generator that will do most of the work for you when it comes to writing letters to exercise your rights. Simply select a company, enter your identification data and you have a finished letter which you can send directly to the company.
And the best part? All this happens entirely on your computer. We never get access to your data, so there is no need for you to worry about disclosing your personal data to yet another entity.
How can I get involved?#
There are many areas at datarequests.org in which you can participate—regardless of your previous experience with data privacy law, programming and the like. We are grateful for every helping hand!
To learn more on how to participate in the project, have a look at the “Contribute” page.