fbpx

Download free GDPR compliance checklist!

Tag Archives for " data subject rights "

Dutch Court Decides on Scope of GDPR Right of Access

In late December 2019, the Court of The Hague (Netherlands) published a preliminary reference procedure (see here , in Dutch). The Court was asked to decide on the scope of the right of access under the GDPR.

The Court also pointed out that the GDPR does not grant a right to obtain a copy of documents; it only grants a right to obtain a copy of personal data. In relation to documents that do not contain much personal information, such as the e-mails in question, the court held that it suffices to describe the data they contain.

Source: Dutch Court Decides on Scope of GDPR Right of Access

Talend Report Showcases Low GDPR Compliance Rates for Data Subject Access Requests

Talend’s new survey shows that less than half of all companies and public sector organizations were able to respond to a Data Subject Access Request within the time period stipulated by GDPR.

Media and telecommunications companies also scored very poorly, with only 32% of them responding in a timely manner. Only 46% of retailers are able to respond to Data Subject Access Requests in a timely manner.

Source: Talend Report Showcases Low GDPR Compliance Rates for Data Subject Access Requests – CPO Magazine

Brexit Party under investigation for ‘failing to hand over personal data’

An investigation into Nigel Farage’s party has been launched by the Information Commissioner’s Office.

The Information Commissioner’s Office (ICO) launched the investigation in response to complaints the Brexit Party had failed to answer requests for data.

Source: Brexit Party under investigation for ‘failing to hand over personal data’ | Science & Tech News | Sky News

Data for money: App facilitating data portability now under the EDPB’s scrutiny

A number of Italian retailers submitted to the Italian Data Protection Authority, the Garante, very similar complaints concerning massive data subject requests received from Italian startup Weople.

Weople exercised, on behalf of the individuals that subscribed to its services via a mobile app, the right to data portability in connection to the personal data collected by the retailers’ loyalty programs. The transfer of such data was to go directly to Weople.

Full article: Data for money: App facilitating data portability now under the EDPB’s scrutiny

Google wins landmark right to be forgotten case

Europe’s top court has ruled that Google does not have to apply the right to be forgotten globally.

It means that firm only needs to remove references to articles and other material from its search results in Europe – and not elsewhere – after receiving an appropriate request.

The ruling stems from a dispute between Google and a French privacy regulator.

Source: Google wins landmark right to be forgotten case

Research reveals six common CX failures when handling GDPR information requests

A recent study conducted by Macro 4 reveals problems in the way companies are handling data subject access requests – an important consumer right enshrined in the GDPR – which threaten to damage consumer trust.

Macro 4’s study evaluated how effectively DSARs are being handled by a sample of 37 UK enterprises, including large financial services companies, utility companies and telecommunications providers. The research uncovered six ways in which companies are failing to meet the requirements of the GDPR and are delivering a level of service that is well below expectations.

Full article: Research reveals six common CX failures when handling GDPR information requests | CustomerThink

CJEU to answer questions about Right to be delisted

French court the Conseil d’Etat has requested the European Court of Justice for a preliminary ruling on a series of questions concerning the implementation of the right to be delisted from search results.

The right to be delisted is not absolute. Insofar as the removal of links from the list of results displayed following a search made on the basis of a person’s name may have consequences on the legitimate interest of internet users to receive access to information, the European Court of Justice proceeds to strike a balance between such interest and the person’s fundamental rights, in particular the right to private life and to the protection of personal data.

Source: Right to be delisted

DSAR test reveals huge data breach potential

A phoney data subject access request (DSAR) made by a woman’s partner to companies in the UK and the US prompted a return of personal data from 25% of the firms contacted.

The security specialist making the request leveraged the terms of the GDPR to make his claim. He got in touch with dozens of companies on both sides of the Atlantic, stating in each case that he wanted information held on his fiancée. One of the data returns held his fiancée’s criminal record check.

Source: DSAR test reveals huge data breach potential

German court decides on the scope of GDPR right of access

The Supervisory Authority of Hesse region stated that the term “copy” in Art 15 GDPR should not be understood literally but rather in the sense of a “summary”.

This interpretation appears to conflict with an earlier decision of the Labor Appeals Court of Stuttgart which ordered an employer to provide actual copies of all information held by the company.

More recently, the Appeal Court of Cologne held that the customer of an insurance company is entitled to access all personal data pertaining to him and processed by the company, including any internal notes regarding conversations between company employees and the customer.

Source: German court decides on the scope of GDPR right of access

1 2 3 9
>