OneTrust Certified Privacy Professional Practice Exam

The purpose of data subject rights under the General Data Protection Regulation (GDPR) is to empower individuals to have control over their personal data. These rights are fundamental to ensuring that individuals can access, correct, delete, and limit the processing of their personal information. By granting these rights, GDPR seeks to enhance transparency and provide individuals with greater autonomy over how their data is handled by organizations.

For instance, individuals have the right to access their personal data, allowing them to see what information is being held and how it is being used. They can also request the rectification of inaccurate data, request the deletion of their data under certain circumstances, and object to the processing of their personal data. These rights are critical because they help protect individuals’ privacy and ensure accountability on the part of organizations that handle personal information.

The other potential answers mischaracterize the intent of the GDPR. They incorrectly imply limitations on individuals' access to their data or suggest that organizations can freely use data without limitations, which contradicts the GDPR's principles of accountability and transparency.