Rights and obligations of the data subjects in connection with their personal data


Have you given your personal data in a registration form? Had you registered for an event with your personal data and then received emails with marketing content? Today, we share some thoughts about the four-year-old GDPR, that is, the General Data Protection Regulation. With regard to the content of the regulation, we will now primarily describe the provisions that affect your rights and obligations as a natural person (customer, client, etc.). Let us take a look at what opportunities an average person has to find out how a company manages their personal data.

We plan the content in such a way that it also serves educational purposes and makes our followers and customers aware that they are not vulnerable and can protect their personal data. The regulation uses one of the most important terms, which is the consent of the data subject. It means that,

“any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

In relation to their personal data, data subjects have the following rights:

1. Information and access to personal data

When we sign up for a newsletter or register for an event, or when our data is requested before entering into a contract, the privacy policy provides the framework for this. From this we can find out, for example: the identity and the contact details of the controller and or the contact details of the data protection officer.

2. Right of access by the data subject

The date subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (e.g., the purposes of the processing).

3. Right to rectification

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed.

4. Right to erasure (“right to be forgotten”: only in the case of consent-based data processing)

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay. Such a case, e.g.: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

5. Right to restriction of processing

This can happen if, e.g.: the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.

6. To prohibit the use of personal data for direct marketing purposes
7. The transfer of our personal data to a third-party service provider, or the prohibition of it
8. We can request a copy of any personal data managed by the data controller
9. Right to object

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

10. Filing a complaint with the supervisory authority

In Hungary, the data protection supervisory authority is the National Authority for Data Protection and Freedom of Information. There have been changes regarding the detailed rules, so we will discuss this in a separate article.

11. Judicial remedy

We are entitled to an effective judicial remedy against the legally binding decision of the supervisory authority concerning us.


Regarding the obligation, it is worth highlighting an essential element, which primarily concerns the smoothest possible work process between a client and a service provider. After a change or modification in our data, it is worthwhile (in fact, it is our contractual obligation) to report them to the company providing a service (e.g., bank, insurance company, etc.) as soon as possible. In our case, this is particularly important, as trust contracts contain a lot of personal data.

If the address of a private trust changes (which means that the Hungarian National Bank, which maintains the register, must also be notified) and does not report it, then the Hungarian National Bank will send the official certificate relating to the managed assets to the previous address, in addition to the document will not contain the valid address.

In urgent cases, this can lead to a significant loss of time, so it is especially important to pay attention to and fulfill our obligations in addition to rights.