European Data Protection Board Launches Coordinated Enforcement Action on Right of Access

European Data Protection Board Launches Coordinated Enforcement Action on Right of Access

By

The European Data Protection Board (EDPB) has initiated its Coordinated Enforcement Framework (CEF) action for the year 2024, focusing on the implementation of the right of access across the European Economic Area (EEA). This concerted effort involves 31 Data Protection Authorities (DPAs), including 7 German State-level DPAs, aimed at ensuring compliance with Article 15 of the General Data Protection Regulation (GDPR).

The right of access, selected as the focal point for this enforcement action during the EDPB's October 2023 plenary, holds paramount importance in data protection. It empowers individuals to verify whether their personal data is being processed in accordance with regulations by various organizations. Additionally, it serves as a gateway to exercising other crucial data protection rights such as rectification and erasure.

In preparation for this initiative, the EDPB adopted Guidelines on data subject rights - Right of access in 2023. These guidelines serve as a compass for organizations in responding to data access requests from individuals, ensuring alignment with GDPR standards.

Participating DPAs will employ various mechanisms to assess compliance with the right of access. This includes sending questionnaires to organizations to facilitate fact-finding exercises and identify the need for formal investigations. Commencement of formal investigations and follow-ups on ongoing inquiries are also part of the enforcement strategy.

The results of these joint efforts will be meticulously analyzed in a coordinated manner, leading to potential further supervision and enforcement actions as deemed necessary by the DPAs. Moreover, the aggregated findings will provide invaluable insights into compliance trends at the EU level. A comprehensive report on the outcomes of this analysis is scheduled for publication by the EDPB upon conclusion of the enforcement actions.

In tandem with this EU-wide endeavor, the Irish Data Protection Commission (DPC) has announced its enthusiastic participation in the 2024 Coordinated Enforcement Framework. With a focus on the "right of access," the DPC will engage in a fact-finding exercise by sending questionnaires to 30 data controllers across both public and private sectors.

The 2024 Coordinated Enforcement Framework builds upon previous initiatives, showcasing a steadfast dedication to upholding data protection standards and ensuring accountability across the European landscape.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.