Information commissioner

Data controller

Data subject

Data commissioner

To control how personal information is used by companies and the UK government

To collect and process personal data

To transfer data outside the European Economic Area

To enforce automatic decisions based on data

It should be transferred outside the European Economic Area

It should be processed in a transparent manner

It should be kept for longer than necessary

It should be subject to additional legal protections

To weaken and standardize data protection regulations across Europe

To strengthen and standardize data protection regulations across Europe

To limit the processing of personal data

To process data in a manner that ensures security

To prove that their data protection measures are sufficient to protect data

To collect data for specified reasons

To keep data for longer than necessary

To process data in a manner that is not transparent

To have data about them stored outside of their control

To enforce the Data Protection Act

To process personal and sensitive data

To determine what data an organization collects

Right to prevent distress

Right to prevent automatic decisions

Right of correction

Right to lodge a formal complaint