The right of access lets you ask a company what data they have about you and why. The right to rectification lets you correct mistakes. The right to erasure gives you a way to request deletion when there is no longer a valid reason to keep the data.

Other important rights include data portability (moving your data to another service), the right to restrict processing, and the right to object to certain processing. Together, these create a set of controls that prioritize user agency.

If you are a product team, the best approach is to plan for these rights early. It is far easier to fulfill requests when data is organized and decisions are documented.

• Provide a simple contact or portal for requests.
• Respond within the required timelines.
• Explain decisions in plain language.