The history and importance of the Right of Access
This is not new
The Right of Access unlocks other rights
If you cannot check whether an organisation is processing your personal data, you cannot know whether the data they hold is accurate, what purpose they are processing it for and what lawful basis they are using.
The Right of Access is one of only two data subject rights specifically mentioned in the EU Charter of Fundamental Rights.
EU Charter of Fundamental Rights, Article 8
Everyone has the right to the protection of personal data concerning him or her.
Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned, or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
Compliance with these rules shall be subject to control by an independent authority.
Restrictions to the Right of Access must be the exception
If you cannot check whether an organisation is processing your personal data, you cannot know whether the data they hold is accurate, what purpose they are processing it for and what lawful basis they are using.
Therefore there are only a limited number of exemptions which data controllers can use to avoid complying with Subject Access Requests.
‘Limiting Data Subject Rights and the Application of Article 23 of the GDPR’ (PDF), Data Protection Commission of Ireland
Where next?
We’ve a short explanation of what data you’re entitled to access under the GDPR and the text of the relevant article in our piece on the Right of Access in our ‘Your Rights’ section.
If you want a more detailed look at how you should go about exercising your Right of Access we have a piece on that in this section: ‘The Subject Access Request process – how it should work’.
Read more elsewhere
‘How can I access my personal data held by a company / organisation?’, European Commission. This short piece from the European Commission stresses that using the right of access should be easy.
‘The Right of Access’, Data Protection Commission of Ireland
‘Data Subject Access Requests – FAQ’, Data Protection Commission of IrelandÂ
Topics
Data Protection Fundamentals (basics, definitions and more …)
Your Rights (all your data protection rights: access, information, rectification and more …)
In More Detail (explorations and explanations of data protection concepts …)
Keeping Track (tracking Subject Access Requests and complaints to Supervisory Authorities …)