The European Data Protection Board (EDPB) has adopted the final version of its guidelines on the right of access to personal data. These guidelines are intended to help data protection authorities and processors to correctly apply the right of access to personal data, in accordance with the provisions of the GDPR.
The right of access is one of the key rights of data subjects, which allows them to obtain information about the personal data being processed and possible breaches of data protection. This right also includes the possibility to obtain a copy of the processed data and to obtain additional information about the purposes of the processing, the duration of data retention, or the legal basis for the processing.
The guidelines provide practical guidance on how to exercise the right of access and explain its scope and limitations. The document also provides information on the appropriate technical and organisational measures that should be applied by those responsible for processing data to facilitate the exercise of the right of access.
One of the key aspects of the Guidelines is the emphasis on the obligation of those responsible for processing data to ensure that data subjects can effectively exercise their right of access. These entities should also take into account the specific needs of data subjects, such as the availability of information in an easily understandable language, or the adaptation of measures to the needs of persons with disabilities.
The final version of the guidelines aims to provide greater legal certainty and consistency in the application of the right of access to personal data across the European Union. The guidelines are also intended to help further raise data subjects’ awareness of their data protection rights.