Updated on 2025-05-22 GMT+08:00

SEC08-07 Data Subjects Have Rights to Access Their Privacy Data

The data subject has the right to require the data handler to provide access to their personal data, in accordance with relevant privacy protection laws and regulations.

  • Risk level

    High

  • Key strategies
    • Provide users with functions to query and update their personal data. To comply with the data subject participation principle, these functions must be available in real time and at no cost to the data subject.
    • Data subjects must be authenticated before accessing personal data.
    • The time when data is entered or updated must be recorded.
    • Providing the necessary validation checks is advised. For example, when a user enters an email address on a web page, verify the email address format.
    • Provide users with a way to modify their registration information.
    • Make user privacy preference settings and options easy to see and use.
    • Systems that collect, process, and store personal data should provide a mechanism for data subjects to restrict the processing of their personal data.
    • Systems that collect, process, and store personal data should provide a mechanism for exporting the personal data that data subjects have provided.
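
The key strategies above, combined in one small service, as an added example that is not part of the original guidance. The class `PersonalDataService`, its method names, the in-memory storage, and the simple email pattern are assumptions made for illustration; `login` stands in for a real authentication step.

```python
import json
import re
import secrets
from datetime import datetime, timezone

# Simple format check (assumption); it does not prove the mailbox exists.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

class PersonalDataService:  # hypothetical in-memory service, illustrative names
    def __init__(self):
        self._records = {}   # subject_id -> data, updated_at, restricted
        self._sessions = {}  # session token -> subject_id

    def _set_email(self, rec, email):
        if not EMAIL_RE.match(email):
            raise ValueError("invalid email format")
        rec["data"]["email"] = email
        # Record when the value was entered or updated (UTC).
        rec["updated_at"]["email"] = datetime.now(timezone.utc).isoformat()

    def register(self, subject_id, email):
        rec = {"data": {}, "updated_at": {}, "restricted": False}
        self._set_email(rec, email)
        self._records[subject_id] = rec

    def login(self, subject_id):  # stand-in for real authentication
        token = secrets.token_urlsafe(32)
        self._sessions[token] = subject_id
        return token

    def _authorize(self, token, subject_id):  # own record only
        if subject_id not in self._records or self._sessions.get(token) != subject_id:
            raise PermissionError(subject_id)
        return self._records[subject_id]

    def query(self, token, subject_id):
        return dict(self._authorize(token, subject_id)["data"])

    def update_email(self, token, subject_id, email):
        self._set_email(self._authorize(token, subject_id), email)

    def restrict_processing(self, token, subject_id, restricted=True):
        self._authorize(token, subject_id)["restricted"] = restricted

    def may_process(self, subject_id):
        return not self._records[subject_id]["restricted"]

    def export(self, token, subject_id):
        return json.dumps(self._authorize(token, subject_id), sort_keys=True)
```

Processing jobs would call `may_process` before touching a record, so a restriction set by the data subject takes effect without deleting the data.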