Ensuring the rights of data subjects
The previous sections covered the legal basis for processing personal data and the practical planning of data processing.
This section focuses on responsibilities: what obligations the data controller has towards data subjects, how data protection risks are assessed, and how data subjects must be informed.
A data subject is a person whose personal data are processed in a research project.
Data subjects have the right to exercise their rights under the GDPR, including the right to object to the processing of their personal data.
If an individual informs Findata that they object to the secondary use of their data, Findata will remove their data from datasets before the data are disclosed to the permit holder.
In certain circumstances, it is possible to restrict data subjects’ rights in research, provided there is a legal basis for doing so. In such cases, the controller must submit a data protection impact assessment to the Office of the Data Protection Ombudsman.