GDPR Data Subject Rights Policy
Under the GDPR, individuals (“data subjects”) are given a range of key
rights designed to help protect their personal data as well as their own
interests and freedoms. Of these, the first and most important is the
‘right to be informed’. Not only does that require organisations to explain
the what, how, and why when it comes to their use of personal data, but it
also requires them to inform data subjects about their rights.
however, it may also be desirable to explain individuals’ rights in more
This Data Subject Rights Policy is designed to explain each of the data
subject rights set out in the GDPR. It does so using user-friendly language
/ Privacy Notice templates.
Information is also provided on how to exercise each right. By default,
this can be done by a data subject contact you and stating their wish to
exercise a particular right; however, this template also contains optional
sections which allow you to add in alternative methods – something that can
be particularly useful if all or most of a data subject’s rights can be
exercised through an online account or profile.
There are also exceptions to some rights and certain caveats, such as your
right to refuse or to take an additional period of two months (over and
above the standard one calendar month) to respond to a request. These are
also explained in the policy.
It is important to note that this document is designed for use alongside an
employee-facing) document. It is not designed for use as an internal
Optional phrases / clauses are enclosed in square brackets. These should be
read carefully and selected so as to be compatible with one another. Unused
options should be removed from the document.
This Data Subject Rights Policy contains the following parts:
1. Information About [Us] OR [Me]
2. What Does This Policy Cover?
3. What Is Personal Data?
4. What Are My Rights? (Summary)
5. The Right to Be Informed
6. The Right of Access
7. The Right to Rectification
8. The Right to Erasure
9. The Right to Restrict Processing
10. The Right to Data Portability
11. The Right to Object
12. Automated Decision-Making (Including Profiling)
13. Exercising Your Rights
14. [Our] OR [My] Acknowledgement and Response
15. Your Right to Complain
16. Changes to this Policy
This template is in open format. Either enter the requisite details in the
highlighted fields or adjust the wording to suit your purposes.
Once you have purchased access to the appropriate document folder click on
the “Download Document” link below. You will be asked what you want to do
with the file. It is recommended that you save the document to a location
of your choice prior to viewing.