photo
18.06.2024

The Polish SA launches national survey on controllers' exercise of the right of access to data

The President of the Personal Data Protection Office warmly encourages all controllers interested in participating in the survey to complete the questionnaire, the results of which will serve, among other things, to promote the compliance of processes in organisations with the provisions of the GDPR, as well as the promotion of best practices through guidance, recommendations or guidelines adopted in the future by the Personal Data Protection Office.

The questionnaire for the survey was developed by data protection authorities as part of the Coordinated Enforcement Framework (CEF) by the European Data Protection Board (EDPB).The subject of this year's action is the exercise of the right of access to personal data by the controllers.

Participation in the survey is voluntary and anonymous. Its purpose is to support dialogue with controllers - the answers they provide cannot be used as a basis for proceedings with inspections or for the supervisory authority  to exercise any other corrective powers.

The European DPAs can implement the CEF measure in a number of ways, including, but not limited to, conducting national proceedings or sending out questionnaires to organisations. These instruments are intended to help determine how the right of access to data is implemented in a given country.

The initiative will involve 31 data protection authorities, including 7 German ones at national level, across the European Economic Area (EEA).

The results of the joint undertaking will be analysed by EDPB in a coordinated manner. It is expected to provide a deeper insight into the subject and enable targeted follow-up actions at EU level. Once completed, the EDPB will publish a report on the results of the analysis.

The survey can be found at the link below. We strongly encourage you to complete it. Controllers have time until 31.07.2024.

Link to questionnaire/survey: https://ec.europa.eu/eusurvey/runner/b3c17c6b-500a-35c9-4df0-18a669fc8240

The right of access to data

It constitutes an important element of personal data protection. It is one of the most frequently exercised rights guaranteed by the GDPR, in relation to the exercise of which supervisory authorities receive many complaints. The right of access enables individuals to verify whether their personal data is being processed by organisations in a compliant manner. In addition, this right often allows for the exercise of other data protection rights, such as the right to rectification or erasure. In 2023 The EDPB adopted Guidance 01/2022 on Data Subject Rights - Right of Access to assist organisations in responding to data access requests from individuals as required under the GDPR.

Coordinated Enforcement Framework (CEF)

During the plenary meeting in February 2024 The European Data Protection Board (EDPB) decided to launch the Coordinated Enforcement Framework (CEF) for 2024.

More information on this year's CEF action (i.e. the exercise of the right of access to personal data by controllers), with links to communications from other authorities participating in the initiative, can be found on the EDPB website: https://www.edpb.europa.eu/news/news/2024/cef-2024-launch-coordinated-enforcement-right-access_pl

Previous EDPB actions under the CEF were on the use of cloud services by the public sector in 2022 and on the appointment and position of Data Protection Officers in 2023.

Link to questionnaire/survey: https://ec.europa.eu/eusurvey/runner/b3c17c6b-500a-35c9-4df0-18a669fc8240