Individual Rights

Individual data subjects covered by the Georgia Tech EU General Data Protection Regulation Compliance Policy will be afforded the following rights:

  1. information about the controller collecting the data
  2. the data protection officer contact information (if assigned)
  3. the purposes and lawful basis of the data collection/processing
  4. recipients of the personal data
  5. if Georgia Tech intends to transfer personal data to another country or international organization
  6. the period the personal data will be stored
  7. the existence of the right to access, rectify incorrect data or erase personal data, restrict or object to processing, and the right to data portability
  8. the existence of the right to withdraw consent at any time
  9. the right to lodge a complaint with a supervisory authority (established in the EU)
  10. why the personal data are required, and possible consequences of the failure to provide the data
  11. the existence of automated decision-making, including profiling
  12. if the collected data are going to be further processed for a purpose other than that for which it was collected

Note: Exercising of these rights is a guarantee to be afforded a process and not the guarantee of an outcome.


Any person who wishes to exercise one of these rights under the EU GDPR should email and indicate which right(s) you are exercising and the desired outcome. A privacy representative will first authenticate the request, then review the request, then work with relevant Georgia Tech units to process the request. The requestor will be notified in the event that exercising a right might have a potential impact on the requestor's participation or benefit from the Institute.


Should you have any questions or concerns about your individual rights, please contact