{"id":231,"date":"2022-01-21T12:45:49","date_gmt":"2022-01-21T11:45:49","guid":{"rendered":"https:\/\/www.amedeomaturo.com\/en\/?p=231"},"modified":"2022-03-31T09:35:34","modified_gmt":"2022-03-31T07:35:34","slug":"data-subject-rights-dsr","status":"publish","type":"post","link":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/","title":{"rendered":"Data Subject Rights &#8211; DSR"},"content":{"rendered":"<h1>Data Subject Rights &#8211; DSR<\/h1>\n<p>This post is part of the <em>long journey<\/em> started with the descriptions of the tasks usually assigned to a <a href=\"https:\/\/www.amedeomaturo.com\/blog\/certified-information-privacy-manager-cipm\/\" target=\"_blank\" rel=\"noopener\"><strong>Certified Information Privacy Manager<\/strong><\/a>. So, now it is time to talk about the Data Subject Rights (for short: <strong>DSR<\/strong>).<\/p>\n<p>&nbsp;<\/p>\n<h2>Data Subject Rights: What are they?<\/h2>\n<p>First, in the <strong>GDPR<\/strong>, there is not a specific definition of what they are, but they are clearly enumerated starting from article 12 (see the full official text <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=CELEX:32016R0679&amp;from=ES#d1e2161-1-1\" target=\"_blank\" rel=\"noopener\"><strong>here<\/strong><\/a>).<\/p>\n<p>Broadly speaking, DSRs consist in the rights granted to individuals by the <strong>GDPR <\/strong>allowing them to have the strictest control possible on their own <strong>personal data<\/strong>.<\/p>\n<p>Consequently, an individual, under the scope of the privacy European legislation, can:<\/p>\n<ul>\n<li>receive the information mentioned in art. 13;<\/li>\n<li>access his\/her personal data;<\/li>\n<li>rectify or erase them (the so-called <em>right to be forgotten<\/em>);<\/li>\n<li>restrict the scope of the processing;<\/li>\n<li>transfer the data to a different controller;<\/li>\n<li>object to the processing (under specific conditions).<\/li>\n<\/ul>\n<p>So, the data subjects have all these rights; now it is time to see how to enforce them.<\/p>\n<p>&nbsp;<\/p>\n<h2>Ensuring the effectiveness of DSR<\/h2>\n<h3>DSR: Who is obliged<\/h3>\n<p>According to the art. 12 GDPR, it is up to the <strong>controller<\/strong> to answer in a timely manner to the requests presented by the data subject in a &#8220;&#8230; <em>concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child<\/em>.&#8221;<\/p>\n<p>Although, a <strong>Processor <\/strong>can help in dealing with this task, the <strong>accountability<\/strong> will always be on the Controller&#8217;s side.<\/p>\n<h3>How to deal with DSR<\/h3>\n<p>Specifically, the information shall be provided in writing, including by electronic means. If the request comes from an unambiguously identified data subject, the information could even be provided orally.<\/p>\n<h3>DSR and the concept of <em>timely manner<\/em><\/h3>\n<p>Primarily, a <strong>controller <\/strong>must provide the information &#8220;<em>without undue delay and in any event within <strong>one month<\/strong> of receipt of the request.<\/em> Where necessary, the controller can extend that period by two further months, taking into account the complexity and number of the requests. Therefore, the controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.&#8221;<\/p>\n<h3>DSR: what if&#8230;<em><br \/>\n<\/em><\/h3>\n<p>What if the controller doesn&#8217;t attend a <strong>DSR<\/strong> properly. You better avoid this situation&#8230;<\/p>\n<p>Foundationally, infringements of the <strong>DSR <\/strong>shall be subject to administrative fines up to <strong>20 Millions \u20ac<\/strong> or up to <strong>4% of the total worldwide annual turnover<\/strong> of the preceding financial year, whichever is higher.<\/p>\n<p>&nbsp;<\/p>\n<h2>Conclusion<\/h2>\n<p>To sum up, the controller must ensure the Data Subject Rights. The tasks associated to the legal requirements could be tricky. <a href=\"https:\/\/www.amedeomaturo.com\/contacto\/\" target=\"_blank\" rel=\"noopener\"><strong>Drop us a line<\/strong><\/a>. We are your <strong>Privacy Manager in Spain, Europe<\/strong> and we&#8217;re to help you!<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_3119\" style=\"width: 160px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3119\" class=\"wp-image-3119 size-thumbnail\" title=\"data-subject-rights-dsr\" src=\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png\" alt=\"data-subject-rights-dsr\" width=\"150\" height=\"150\" \/><p id=\"caption-attachment-3119\" class=\"wp-caption-text\">Privacy Guys help you with the DSR<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Data Subject Rights &#8211; DSR This post is part of the long journey started with the descriptions of the tasks usually assigned to a Certified Information Privacy Manager. So, now it is time to talk about the Data Subject Rights (for short: DSR). &nbsp; Data Subject Rights: What are they? First, in the GDPR, there [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[13,14,15,16,17,18,19,20],"tags":[21,22,23,24,25,7,109,111,26],"class_list":["post-231","post","type-post","status-publish","format-standard","hentry","category-data-privacy-officer","category-data-subject-rights","category-data-subjects","category-dsr","category-gdpr","category-personal-data","category-privacy","category-processor","tag-data-subject-rights","tag-dpo","tag-dsr","tag-gdpr","tag-personal-data","tag-privacy","tag-privacy-manager-europe-spain","tag-privacy-manager-in-spain","tag-processor"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data Subject Rights - DSR - Amedeo Maturo - English<\/title>\n<meta name=\"description\" content=\"Data Subject Rights DSR privacy DPO GDPR personal data processor accountability CIPM Certified Information Privacy Manager\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Subject Rights - DSR - Amedeo Maturo - English\" \/>\n<meta property=\"og:description\" content=\"Data Subject Rights DSR privacy DPO GDPR personal data processor accountability CIPM Certified Information Privacy Manager\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/\" \/>\n<meta property=\"og:site_name\" content=\"Amedeo Maturo - English\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-21T11:45:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-31T07:35:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png\" \/>\n<meta name=\"author\" content=\"Amedeo Maturo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amedeo Maturo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/\"},\"author\":{\"name\":\"Amedeo Maturo\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"headline\":\"Data Subject Rights &#8211; DSR\",\"datePublished\":\"2022-01-21T11:45:49+00:00\",\"dateModified\":\"2022-03-31T07:35:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/\"},\"wordCount\":476,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png\",\"keywords\":[\"Data Subject Rights\",\"DPO\",\"DSR\",\"GDPR\",\"personal data\",\"privacy\",\"privacy manager europe spain\",\"Privacy Manager in Spain\",\"processor\"],\"articleSection\":[\"Data Privacy Officer\",\"Data Subject Rights\",\"data subjects\",\"DSR\",\"GDPR\",\"personal data\",\"privacy\",\"processor\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/\",\"name\":\"Data Subject Rights - DSR - Amedeo Maturo - English\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png\",\"datePublished\":\"2022-01-21T11:45:49+00:00\",\"dateModified\":\"2022-03-31T07:35:34+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"description\":\"Data Subject Rights DSR privacy DPO GDPR personal data processor accountability CIPM Certified Information Privacy Manager\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png\",\"contentUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/data-subject-rights-dsr\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Subject Rights &#8211; DSR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\",\"name\":\"Amedeo Maturo - English\",\"description\":\"Otro sitio m\u00e1s de Amedeo Maturo - Multisite\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\",\"name\":\"Amedeo Maturo\",\"sameAs\":[\"http:\\\/\\\/www.amedeomaturo.com\"],\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/author\\\/amedeomaturo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Subject Rights - DSR - Amedeo Maturo - English","description":"Data Subject Rights DSR privacy DPO GDPR personal data processor accountability CIPM Certified Information Privacy Manager","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/","og_locale":"en_US","og_type":"article","og_title":"Data Subject Rights - DSR - Amedeo Maturo - English","og_description":"Data Subject Rights DSR privacy DPO GDPR personal data processor accountability CIPM Certified Information Privacy Manager","og_url":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/","og_site_name":"Amedeo Maturo - English","article_published_time":"2022-01-21T11:45:49+00:00","article_modified_time":"2022-03-31T07:35:34+00:00","og_image":[{"url":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png","type":"","width":"","height":""}],"author":"Amedeo Maturo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Amedeo Maturo","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#article","isPartOf":{"@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/"},"author":{"name":"Amedeo Maturo","@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b"},"headline":"Data Subject Rights &#8211; DSR","datePublished":"2022-01-21T11:45:49+00:00","dateModified":"2022-03-31T07:35:34+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/"},"wordCount":476,"commentCount":0,"image":{"@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#primaryimage"},"thumbnailUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png","keywords":["Data Subject Rights","DPO","DSR","GDPR","personal data","privacy","privacy manager europe spain","Privacy Manager in Spain","processor"],"articleSection":["Data Privacy Officer","Data Subject Rights","data subjects","DSR","GDPR","personal data","privacy","processor"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/","url":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/","name":"Data Subject Rights - DSR - Amedeo Maturo - English","isPartOf":{"@id":"https:\/\/www.amedeomaturo.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#primaryimage"},"image":{"@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#primaryimage"},"thumbnailUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png","datePublished":"2022-01-21T11:45:49+00:00","dateModified":"2022-03-31T07:35:34+00:00","author":{"@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b"},"description":"Data Subject Rights DSR privacy DPO GDPR personal data processor accountability CIPM Certified Information Privacy Manager","breadcrumb":{"@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#primaryimage","url":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png","contentUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2014_IAPP_ThisGuy3x3-circle-sticker-template.2014-01-150x150.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.amedeomaturo.com\/en\/data-subject-rights-dsr\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amedeomaturo.com\/en\/"},{"@type":"ListItem","position":2,"name":"Data Subject Rights &#8211; DSR"}]},{"@type":"WebSite","@id":"https:\/\/www.amedeomaturo.com\/en\/#website","url":"https:\/\/www.amedeomaturo.com\/en\/","name":"Amedeo Maturo - English","description":"Otro sitio m\u00e1s de Amedeo Maturo - Multisite","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amedeomaturo.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b","name":"Amedeo Maturo","sameAs":["http:\/\/www.amedeomaturo.com"],"url":"https:\/\/www.amedeomaturo.com\/en\/author\/amedeomaturo\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/comments?post=231"}],"version-history":[{"count":8,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/231\/revisions"}],"predecessor-version":[{"id":287,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/231\/revisions\/287"}],"wp:attachment":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/media?parent=231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/categories?post=231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/tags?post=231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}