[x] Right to be informed ---> v2.0
You must be transparent about how you use personal data. This is typically handled through your site’s privacy policy, which you’ll likely need to update.
[x] Right of access ---> v2.0
If a client requests their data, you must provide it to them in a commonly used format, such as CSV.
[x] Right to rectification---> v2.0
You must allow a client to correct incomplete or inaccurate information.
[x] Right to erasure ---> v2.0
Clients can request deletion or removal of personal data when there is no compelling reason for its continued processing. Also referred to as “the right to be forgotten.”
[x] Right to restrict processing ---> v2.0
Individuals have the right to block processing of personal data. In such cases, you can store the data but no longer process it.
[x] Right to portability ---> v2.0
You must allow individuals to obtain and reuse their personal data for their own purposes. This means you must provide it to them in a common format, such as CSV.
[x] Right to object ---> v2.0
Individuals can object to having their personal information used. This includes for purposes of direct marketing, research and statistics.
[x] Rights related to automatic decision making, including profiling ---> v2.0
This rule specifies when you can use profiling and automated decision making. It also defines requirements that must be met, such as the individual providing explicit consent.
These rights are spelled out in further detail in the official GDPR guide.
[x] Security by design ---> v3.5
To comply with GDPR, you must demonstrate that you’re implementing data protection by design and by default.
GDPR confirm:
source