Appendix B: List of relevant GDPR articles

Data Subject’s Rights

Number	Article	Summary
15	Right to access	A data subject can, at any time, request that you provide them in a common, easily understood format, all the personal data that you have about them.
16	Right to rectification	Meaning you'll need to provide individuals a way to correct any personal data you have on them that may be wrong.
17	Right to erasure	Essentially the right to be forgotten, you’ll need to remove all personal data held on a data subject, see also article 19.
18	Right to restriction of processing	A data subject has the right to request that you stop processing their personal data. Which means you can keep it, so long as you have a good reason to, but you can’t use it for anything anymore.
19	Right to notification	If you update, delete, or stop processing any of your data subject’s personal data yourself, you’ll also need to notify anyone else that you may have shared this data with so that they can do the same.
20	Right to data portability	A data subject can request that you provide their personal data to another organization on their behalf.

Number	Article	Summary
25	Data protection by design and by default	It basically means that whenever you're building something that has the potential to come into contact with personal data, you default to the necessary precautions and safeguards from the very first iteration.
32	Security of processing	Organizations will need to take measures to ensure that the personal data being collected is handled and stored securely. From an access and governance perspective, this means putting in place different roles with different levels of access to personal data.
46	Transfers subject to appropriate safeguards	This subject is part of the section about the transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation.