Submit Release
News Search

There were 442 press releases posted in the last 24 hours and 429,247 in the last 365 days.

Data protection and privacy

Right to information

Everyone has the right to know that their personal data are being processed and for which purpose.

The data controller must respect the right of information of the data subject, irrespectively of whether the personal data have been obtained from the data subject or not. The information to be provided should contain the following:

  • the identity of the data controller;
  • the purposes of the processing, as well as the legal basis for the processing;
  • the recipients of the data (if any), and whether the personal data is intended to be transferred to a third country or international organisation.
  • the time-limits for storing the data;
  • explanation about the rights of the data subject (see below);
  • the right to have recourse to the European Data Protection Supervisor;
  • where the processing is based on the consent of the data subject, the right to withdraw consent at any time.

If applicable, additional information should be provided if:

  • the collected data will be subject to automated decision-making and what is the logic involved in this;
  • it will be further processed for a purpose other than that for which it was originally collected;
  • it is mandatory to provide the data, in which case what is the basis for such obligation and what are the consequences for not providing the data.

In the context of the Agency's processing operations, this right is fulfilled by the EMA general privacy statement and the specific privacy statement associated to the relevant data processing practices.

The right of information is subject to certain exceptions, such as in those cases where the data subject has already disposed of the above-mentioned information, or where the provision of the information would involve a disproportionate effort, or where a restriction of the right of information constitutes a necessary measure to safeguard one of the legitimate interests mentioned in Article 25 of the Regulation.

Right to access

The right to access (Article 17 of the Regulation) is the right for any data subject to obtain confirmation from the data controller as to whether his/her personal data is processed, and information on the following:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients to whom the data have been or will be disclosed;
  • the period for which the data is intended to be stored;
  • the right of the data subject to request rectification or erasure of the personal data or request the restriction of the processing or object to such processing (see below);
  • the right to have recourse to the European Data Protection Supervisor;
  • source of the data (where personal data are not collected from the data subject);
  • information on automated decision-making (if applicable);
  • transfer to a third country or international organisation (if applicable).

The data subject has the right to request a copy of his/her personal data processed.

Right of rectification

The data subject has the right to contact the data controller to obtain the rectification, without delay, of inaccurate or incomplete data concerning him or her. (Article 18 of the Regulation)

The right of rectification is an essential complement to the right of access and is important to maintain a high level of data quality.

Right to erasure (‘right to be forgotten’)

The data subject has the right to request his/her personal data to be erased without undue delay when it is no longer needed or if the processing is unlawful. (Article 19 of the Regulation)

Right to restriction of processing

The data subject has the right to obtain from the data controller the restriction of the processing (Article 20 of the Regulation) where:

  • their accuracy of the processed personal data is contested by the data subject;
  • the data are no longer needed to achieve the purposes of the processing;
  • the processing is unlawful but the data subject opposes the erasure of the data (and requests the restriction instead); or
  • the data subject objected to the processing but verification is needed whether the data controller has overriding legitimate grounds.

Restriction means the blocking of data by the data controller at a given moment and for a specific period of time.

Blocked personal data can only be processed, with the exception of their storage, with the data subject's consent or for the purposes of legal claims or the protection of the rights of a third party.

Right to data portability

Where the processing is carried out in automated means, a data subject has the right to receive his/her personal data (which was provided to the data controller by him or her) in a machine-readable format. The data subject may also ask the data controller to directly transfer such data to another controller. (Article 22 of the Regulation)

Right to object

Any data subject has the right to object at any time to the processing of data relating to him or her, except in certain cases, such as where the processing is based on a legal obligation of the data controller.

The data controller may no longer process the personal data concerned by the objection, unless the data controller can demonstrate an overriding legitimate interest or for the purposes of legal claims. (Article 23 of Regulation)

Right to refuse

Any data subject has the right to not to be subject to a decisionbased solely on automated processing if such decision has legal effect on him or her (except for certain situations, such as entering into a contract). (Article 24 of the Regulation)

Right to withdraw consent

When EMA relies on your consent to process your personal data, you have the right to withdraw such consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, EMA may not be able to provide certain services to you. EMA will advise you if this is the case at the time you manifest your intention to withdraw consent.

The Agency provides information on action taken on a request under Articles 17 to 24 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Agency informs the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

If you wish to exercise any of these rights, please contact the DPO using the contact details below.

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

You just read:

Data protection and privacy

Distribution channels: Healthcare & Pharmaceuticals Industry


EIN Presswire's priority is author transparency. We do our best to weed out false and misleading content. The content above is the sole responsibility of the author who makes it available. If you have any complaints, kindly contact the author above.

By continuing to use this site, you agree to our Terms & Conditions, last updated on September 30, 2025.