GDPR: data subject rights

This “how-to” GDPR video will discuss how to prepare to be response ready to data subject requests.


View all episodes of the "KPMG Privacy" video series.



  • Welcome to KPMG’s privacy video series, and the third of three videos dedicated to understanding personal data under GDPR.


  • Data subject rights are one of the most challenging areas of GDPR for most organizations and requests to exercise these rights are already coming through for many.
  • This requires a deep understanding of personal data footprint and lifecycle as well as the associated business processes including the purpose of processing
  • Data subject rights may include the following points:

1.  Accurate and informative notice of how data is being used, including purposes of use and transfers.

2.  Minimizing the collection, use and retention of data in line with defined use purposes.

3.  The ability to opt-out of data collection and use after initial consent.

4.  The ability to request that data is no longer used or maintained, and evaluation of this request against legal requirements.

5.  Full access to data including the ability to update it and port it to another organization or platform.

  • Ask yourself: is your organization ready to respond to a data subject request.


  • The next step is to layer request analysis and communication procedures on top of data understanding.
  • Our clients are often tripped up by a lack of procedures to support identifying, triaging and escalating requests related to data subject rights, or awareness of these procedures.
  • This risk for non-compliance is significant and must be addressed early on across the organization.
  • Thank you for your time and attention as we wrap up our review of understanding personal data under GDPR.
  • Thanks for watching.
Ahead of the curve
Managing data in the wake of GDPR
Steven Stein

Steven Stein

Principal, Cyber Security Services, KPMG US

+1 312-665-3181
View more

Strategy and governance

Cyber security: it’s a business issue, not just an information technology issue.

Cyber security: it’s a business issue, not just an information technology issue.

Subscribe to KPMG Cyber Security services


Explore KPMG Cyber Security careers

Explore KPMG Cyber Security careers