There are 8 fundamental rights of the data subject. They are listed in articles 15-22 of GDPR.
Article 15 - Right of access by the data subject.
The data subject is entitled to obtain from the controller confirmation as to whether personal data concerning him or her are being processed.
Article 16 - Right to rectification.
The data subject has the right to request administrator to immediately rectify incorrect personal data concerning him.
Article 17- Right to erasure ("right to be forgotten").
The data subject has the right to request the administrator to immediately delete his personal data
Article 18 - Right to restriction of processing.
The data subject has the right to request the controller to restrict processing of his personal data.
Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing.
The administrator informs about the rectification or removal of personal data or restriction of processing, which he has made in accordance with art. 16, art. 17 sec. 1 and art. 18, each recipient to whom personal data has been disclosed.
Article 20 - Right to data portability.
The data subject has the right to receive, in a structured, commonly used and machine-readable format, personal data concerning him, which he provided to the administrator.
Article 21 - Right to Object.
The data subject has the right to object at any time - for reasons related to his particular situation - to the processing of his personal data.
Article 22 - Automated individual decision-making, including profiling.
The data subject has the right not to be subject to a decision which is based solely on automated processing, including profiling, and produces legal effects or significantly affects the person in a similar way.
Enabling data subjects to exercise their rights is a difficult process and a technological challenge. Considering that the data of one person is usually scattered over many systems, the fulfilment of each of these obligations involves checking and collecting data from all potential data sources. Be it a large IT environment or a smaller one, but with a lot of unstructured data – personal data management is a very demanding task.