GDPR outlines a set of data subject rights aimed at protecting privacy. These include breach notification, right to access, right to be forgotten, data portability, and privacy by design. Breach notification is required when a breach is likely to result in a risk for the rights and freedoms of individuals. This notification must take place within 72 hours of the breached organization becoming aware of the breach. Data processors are also required to inform users if the users' personal data is being used and the purpose for which the data is being used. This is the right to access. There is also a right to be forgotten. The right to be forgotten enforces the erasure of data once that data is no longer needed or the subject has withdrawn ...