GDPR Right of Access Under EDPB’s Enforcement Spotlight in 2024
The European Data Protection Board (EDPB) has launched its 2024 Coordinated Enforcement Framework (CEF) focusing on the right of access, a fundamental aspect of data protection law. This right allows individuals to verify if their personal data is being processed according to legal standards and is a cornerstone for the exercise of other rights, such as rectification and erasure. The EDPB’s choice to focus on this right for their third enforcement action stems from its pivotal role in data protection and the high volume of related complaints received by Data Protection Authorities (DPAs).
As part of the initiative, 31 DPAs from across the European Economic Area, including seven from German states, will collaborate throughout the year. They will assess how organizations comply with access requests, using tools like questionnaires and formal investigations. This coordinated effort aims to ensure that organizations are adhering to the principles of the General Data Protection Regulation (GDPR), particularly in response to individuals’ requests for access to their data.
The outcomes of these coordinated actions will be analyzed collectively, allowing the DPAs to consider further supervision or enforcement if necessary. The aggregated results will also provide a deeper understanding of compliance levels across the EU and help to guide future actions at the EU level. The EDPB plans to publish a detailed report on their findings once the initiative concludes.
This action marks the third under the CEF, with previous initiatives focusing on the public sector’s use of cloud services and the designation and position of Data Protection Officers. The CEF’s goal is to harmonize enforcement and foster cooperation among DPAs, ensuring a consistent approach to data protection across the EU.
Source: CEF 2024: Launch of coordinated enforcement on the right of access | European Data Protection Board
