In the digital world, people own personal information just like they own physical assets such as cash, keys and clothes in the real world. But because personal information is intangible, its value has been overlooked by many for a very long time. With the increase in cyber crimes on personal data and the infamous Snowden affair, this issue has become more prominent. Fei Liu from Nedap Security Management Research & Development informs that to improve the transparency of data collection and processing, and to give people control over their personal data, the European Commission has proposed a new regulation for data protection (General Data Protection Regulation 2012/0011(COD) (GDPR)) and brought the issue to a new level.
According to GDPR Article 10a(2), GDPR empowers people (data subjects) with the right to control their personal data. Such rights include, inter alia, the provision of clear and easily understandable information regarding the processing of his or her personal data, the right of access, rectification and erasure of their data, the right to obtain data, the right of object to profiling, the right to lodge a complaint with the competent data protection authority and to bring legal proceedings as well as the right to compensation and damages resulting from an unlawful processing operation. Such rights shall in general be exercised free of charge. The data controller shall respond to requests from the data subject within a reasonable period of time.
