Practise GDPR data subject rights vocabulary: right to access, erasure, portability, rectification, and restriction.
0 / 5 completed
1 / 5
Under GDPR, the 'right to erasure' (right to be forgotten) allows data subjects to request:
The right to erasure (Article 17) allows deletion when the original purpose is fulfilled, consent is withdrawn, or processing is unlawful — subject to some exceptions (legal obligations, public interest).
2 / 5
A GDPR 'Data Subject Access Request' (DSAR) entitles the individual to receive:
A DSAR response must include: a copy of the personal data, the processing purposes, retention periods, recipient categories, and information about data subject rights.
3 / 5
GDPR 'data minimisation' means:
Data minimisation (Article 5) is a core GDPR principle: collect only what you need for the stated purpose. Collecting additional data just in case is a GDPR violation.
4 / 5
Under GDPR, a 'processor' is:
A processor acts on the controller's instructions (e.g., a cloud service, payroll provider). Processors have specific GDPR obligations including entering into a Data Processing Agreement.
5 / 5
GDPR requires notification of a personal data breach to the supervisory authority within:
GDPR Article 33 requires breach notification to the supervisory authority within 72 hours if the breach is likely to result in a risk to individuals' rights and freedoms.