🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Find out everything about the right to object in the GDPR

Home Find out everything about the right to object in the GDPR

Continuing our series of articles devoted to people's rights, today we are addressing the right to object. This article follows our 1 min video to understand everything from Monday May 9. Follow us on LinkedIn so you don't miss any news!  

Make yourself comfortable with lemonade and off you go, we'll explain everything to you in 5 minutes!  

 What are people's rights?  

The GDPR organizes the rights of individuals in Chapter 3 of the GDPR. Not all rights are systematically applicable to all processing, their application depends in particular on the legal basis of the processing concerned by the request.  

In our previous articles and those to come, we explain the following rights to you:  

  • Right of access,  
  • Right of rectification,  
  • Right to object (and right to withdraw consent),  
  • Right to erasure,  
  • Right to portability.  

 Understand everything about the right to object  

 Article 21 of the General Data Protection Regulation provides that "1. The data subject has the right to object at any time, for reasons relating to his or her particular situation, to processing of personal data concerning him or her based on Article 6(1) or f), including profiling based on these provisions. The controller no longer processes personal data unless he demonstrates that there are compelling legitimate grounds for the processing which override the interests and rights and freedoms of the data subject, or for the establishment, exercise or defense of legal rights. "  

In other words, this right offers the data subject the possibility of objecting to the use of their personal data.  
 
To do this, with the exception of commercial prospecting operations and profiling, the person must rely on reasons relating to their particular situation to base their request.  

In the case of commercial prospecting, the person has an absolute right to object to this processing. The CNIL recommends that data controllers set up a push-back list. This list makes it possible to centralize in the same file the contact details of people who no longer need to be contacted, those who have exercised their right of opposition. 
This tool makes it possible to identify people who no longer wish to be the subject of commercial solicitations.    

 As a reminder, article 226-18-1 of the Penal Code provides: The fact of processing personal data concerning a natural person despite the opposition of this person, when this processing is for prospecting purposes, in particular commercial, or when this opposition is based on legitimate reasons, is punishable by five years' imprisonment and a fine of 300,000 euros. "  

Right to object and legal basis

The right to object does not apply to all processing, only so-called "non-obligatory" processing is concerned. This right can only be exercised in the following cases:  

  • The processing is based on the legitimate interest of the data controller, including when it comes to commercial prospecting and profiling;  
  • The processing is based on the mission of public interest.  

For processing based on the legal basis of consent, the person can exercise their right to withdraw consent. Once the data subject has consented to the processing of their personal data, they must be able to reverse their decision and request the withdrawal of their consent. This request will have the same effect as exercising the right to object: the data controller must stop using the person's data for the processing concerned.  

 Limits to the right to object  

Apart from the case of commercial prospecting processing, the data controller may object to the exercise of this right for three reasons:  

  • The legal basis for processing is consent, contract, legal obligation, vital interest;    
  • There are compelling legitimate grounds for the controller to process the data, which override the interests and rights and freedoms of the data subject;    
  • The data is necessary for the establishment, exercise or defense of legal rights.    

Data Comply One (formerly Mission RGPD) and the right to object

You do not have time? You are lost? Are you having trouble managing your compliance and more specifically people's rights?  

Data Comply One (formerly Mission RGPD) allows you to create a rights exercise form. On the Data Comply One platform (formerly Mission RGPD), you have a unique link to make available to people (on the showcase website, in the various emails, etc.). The person wishing to exercise a right completes this online form directly. Once the form is completed, the request to exercise rights is automatically transferred to the Data Comply One platform (formerly Mission RGPD), all you have to do is respond using our templates!  

Manage your compliance with ease and peace of mind!  

Request your demo
Other articles
on the same subject