The European Data Protection Board (‘EDPB’) recently published draft Guidelines (‘the Guidelines’) on the right of access, bringing some clarity to several operational aspects of responding to access requests. Whilst the Guidelines are informative, they raise the bar in regard to what is expected of controllers. In particular, the EDPB’s rejection of any proportionality limit with regard to the efforts a controller has to take to comply with the data subject’s request is surprising.
Technology and Innovation Partner Davinia Brennan, examines the new Guidelines and offers guidance on the steps that organisations should take in light of them.
The new Guidelines on access requests - is the bar now too high (Data Protection Ireland 153) PDF | 0.18 MBReproduced with permission from Data Protection Ireland. This article was first published in the Data Protection Ireland Journal.