Data Subject Rights Policy Template

GDPR Data Subject Rights Policy

BS.DAT.05

Under the GDPR, individuals (“data subjects”) are given a range of key rights designed to help protect their personal data as well as their own interests and freedoms. Of these, the first and most important is the ‘right to be informed’. Not only does that require organisations to explain the what, how, and why when it comes to their use of personal data, but it also requires them to inform data subjects about their rights.

Much of this is normally achieved using a Privacy Notice or Privacy Policy; however, it may also be desirable to explain individuals’ rights in more detail.

This Data Subject Rights Policy is designed to explain each of the data subject rights set out in the GDPR. It does so using user-friendly language and at greater length than the corresponding section in our Privacy Policy / Privacy Notice templates.

Information is also provided on how to exercise each right. By default, this can be done by a data subject contact you and stating their wish to exercise a particular right; however, this template also contains optional sections which allow you to add in alternative methods – something that can be particularly useful if all or most of a data subject’s rights can be exercised through an online account or profile.

There are also exceptions to some rights and certain caveats, such as your right to refuse or to take an additional period of two months (over and above the standard one calendar month) to respond to a request. These are also explained in the policy.

It is important to note that this document is designed for use alongside an existing Privacy Policy or Privacy Notice as a customer-facing (or employee-facing) document. It is not designed for use as an internal company policy, nor does it replace a Privacy Policy or Notice.

Optional phrases / clauses are enclosed in square brackets. These should be read carefully and selected so as to be compatible with one another. Unused options should be removed from the document.

This Data Subject Rights Policy contains the following parts:
1. Information About [Us] OR [Me]
2. What Does This Policy Cover?
3. What Is Personal Data?
4. What Are My Rights? (Summary)
5. The Right to Be Informed
6. The Right of Access
7. The Right to Rectification
8. The Right to Erasure
9. The Right to Restrict Processing
10. The Right to Data Portability
11. The Right to Object
12. Automated Decision-Making (Including Profiling)
13. Exercising Your Rights
14. [Our] OR [My] Acknowledgement and Response
15. Your Right to Complain
16. Changes to this Policy

This template is in open format. Either enter the requisite details in the highlighted fields or adjust the wording to suit your purposes.

Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.

Top