Access and Portability
Articles 15 & 20 and Recitals 63, 64 & 68 of the GDPR
Individuals have the right to request access to their personal data, free of charge and in an accessible format. If you receive such a request, then you have to:
- Tell the individual if you are processing their personal data.
- Inform them about the processing (such as the purposes of the processing, categories of personal data concerned, recipients of their data, etc.).
- Provide a copy of the personal data being processed, without undue delay and in any event within one month.
In addition, when the processing is based on consent or a contract, the individual can ask for their personal data to be returned or transmitted to another company. This is known as the right to data portability. The data should be provided in a commonly used and machine-readable format.
The Right of Access and the Right to Data Portability are closely related, but they are distinct rights. You should take care to ensure that individuals are informed of both rights, and that consequently there is no confusion about which right is being exercised.