Right of access
The right of access is one of the main rights of data subjects, established by Article 15 of the General Data Protection Regulation (GDPR). This right allows data subjects to obtain confirmation from the data controller on whether their personal data is being processed, and if so, to access such data along with a series of relevant details about the processing.
The information that the data controller must provide at the request of the data subject includes:
- Copy of the processed personal data
- Purposes of the processing: why the data is being processed and the goals of the processing.
- Categories of personal data processed: a description of the categories of data being processed.
- Recipients or categories of recipients: to whom the personal data is disclosed or may be disclosed, including any recipients in third countries or international organizations.
- Retention period: how long the data will be retained or the criteria used to determine that period.
- Rights of the data subjects: information on the rights of the data subject, such as the right to rectification, erasure, restriction of processing, and objection, as well as the right to lodge a complaint with the Supervisory Authority.
- Source of the data: if the personal data was not collected directly from the data subject, the data controller must provide information about its source.
- Existence of automated decision-making processes: if applicable, information on the use of automated decision-making processes, including profiling, and the logic involved, as well as the significance and anticipated consequences for the data subject.
The right of access is crucial for ensuring transparency in the processing of personal data and allows data subjects to verify the accuracy of the processed data, exercise other rights (such as rectification or erasure), and ensure that the processing is carried out lawfully.
Exercising the right of access is free of charge unless requests are manifestly unfounded or excessive, in which case the data controller may charge a reasonable fee or refuse to act on the request. Additionally, the data controller must respond to requests within one month of receipt, with the possibility of extending the deadline by an additional two months in cases of particularly complex requests.
Trust Guardian’s approach to the right of access
Trust Guardian facilitates the management of the right of access for companies, providing tools to track and respond promptly to data subjects’ requests:
- Centralized consent register
- Black box with the Privacy History for each data subject
- Web interface for data subjects to submit their rights requests
- Centralized register for DPOs/Legal teams to manage data subject rights requests
- myPrivacy: a self-service area for managing consents
Legal, ICT, marketing: we understand your needs
We want to relieve you of the headaches of managing your customers' consents and privacy.