☐ The controllers have introduced the necessary procedures to ensure that the data subject rights are adequately satisfied, no matter if they are the end-users or third parties.

☐ The controllers have introduced the necessary procedures to ensure that the data subject rights are satisfied in time (maximum one month after request, extendable by two additional months with regard to the complexity of the task and the number of requests).

☐ The controllers have introduced efficient tools to ensure that data subjects are able to exercise their rights in a practical manner, for instance by introducing data interoperability standards.

☐ Data subjects are in a position to have access to all their personal data, including observed, obtained, derived and inferred data.

☐ The controllers have provided the data subjects with remote access to their personal data. Particularly, controllers which provide online services based on personal data have provided an online tool for this purpose.

☐ The controllers have introduced tools able to communicate rectified data to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

☐ The controllers have introduced tools able to ensure that all data are efficiently deleted at the data subjects’ request if there are no lawful reasons to oppose that request.

☐ Controllers have introduced user-friendly interfaces for users who want to obtain both aggregated data and/or raw data that they still store. These tools enable data subjects to easily export their data in a structured and commonly-used format.

☐ The controllers have documented all the information regarding these issues.