Unbenanntes Dokument

Access Right


Intro: What is meant by the right of access, what function does it have and what must be taken into account when implementing it?

To-Dos: What is the specific procedure for fulfilling the right of access and the associated obligations?

Statements: What have the data protection supervisory authorities published on the subject of the right of access?






Implementing the right of access in compliance with the law





What is meant by the right of access, what function does it have and what must be taken into account when implementing it?

The right of access is intended to enable the person to obtain an overview of the data stored about them in order to be able to assert further rights (e.g. right to erasure, right to rectification).

The company must not only provide information about the data or data categories, but also other circumstances relating to processing, such as the purposes of processing, the recipients (categories), the storage period of the data, the origin of the data, the existence of a so-called ‘automated individual decision’ and the existence of other rights of data subjects (e.g. the right to erasure).

If the company also transfers data to a third country and uses a data protection guarantee such as the EU standard contractual clauses, the person must also be informed of this.

As with the other data subject rights, the right of access must be answered within one month. An electronic request for information from the person must also be answered electronically, if feasible.

If no personal data is available, the person must also be informed of this (so-called negative information).



What is the specific procedure for fulfilling the right of access and the associated obligations?

1

Process for handling data subject requests A process for handling data subject requests must be defined and documented. Suitable means: data subject rights directive.


2

Assignment of responsibilities for handling data subject requests Assignment of responsiblities (e.g. for answering access to information requested by data subjects). Suitable means: data subject rights directive.


Check the applicable legislative text.



Check relevant court decisions.



What have the data protection supervisory authorities published on the subject of the right of access?

DSAB Bayern: Identifizierung bei der Geltendmachung von Betroffenenrechten (Aktuelle Kurz-Information, 6 Seiten) (01.07.2020)


DSK: Kurzpapier Nr. 6. Auskunftsrecht der betroffenen Person, Art. 15 DS-GVO (17.12.2018, in Überarbeitung)



>> Find out which other data protection obligations have to be considered with respect to European data protection law.



Unbenanntes Dokument


Appoint a cost-effective data protection officer now

Do you need support with the implementation of data protection requirements? about our data protection packages.
Unbenanntes Dokument

We are

familiar with the characteristics of small and large companies

experienced in communicating with data protection authorities

active in data protection for over 10 years.