Office of the Data Protection Ombudsman examines realisation of right of access to data as part of Europe-wide measure
On 28 February, the European Data Protection Board launched a joint measure examining how the data subjects' right of access to their data is being realised in the operations of various organisations. A total of 28 data protection authorities from various EU Member States are taking part in the study. In Finland, the situation is charted with a questionnaire for controllers.
In their joint measure, the data protection authorities of Member States investigate how organisations are actually complying with the requirements on implementing the data subject's right of access.
As part of the measure, the Office of the Data Protection Ombudsman is examining the realisation of the right of access in various Finnish organisations. This week, the questionnaire will be sent to 15 controllers operating in Finland. More detailed information about the organisations and questions is available in the attachments below.
The results of the studies conducted in different countries will be compiled and analysed at the end of the measure. Further action can be taken at both national and EU-level based on the findings.
The questionnaire for organisations in Finnish (pdf)
List of organisations to which the questionnaire will be sent in Finland (pdf)
Right of access is a key data protection right
The right of access to data is one of the most commonly exercised data protection rights. Data protection authorities also receive numerous complaints related to the use of the right of access.
The right of access permits an individual to check what information an organisation is processing on them and whether such processing complies with data protection requirements. In addition, the right of access enables the use of other data protection rights, such as the right to rectification or erasure of data.
The European Data Protection Board selects a theme for a coordinated measure each year. This study is the third Europe-wide measure to date. In 2023, the EDPB examined the role and appointment of data protection officers in organisations. The report on its findings was published in January 2023. In 2022, the joint study focused on cloud services in public-sector organisations.
Joint coordinated measures implement the EDPB's objective of harmonising supervision and improve cooperation between supervisory authorities in the EU.
Further information:
Data Protection Ombudsman Anu Talus, anu.talus(at)om.fi, tel. +358 29 566 6766
EDPB release on the Board's website: CEF 2024: Launch of coordinated enforcement on the right of access (28 February 2024)
EDPB guideline on the implementation of the right of access: Guidelines 01/2022 on data subject rights - Right of access (pdf)
More information on our website: Right of access to data
EDPB press release on the Board's website: EDPB identifies areas of improvement to promote the role and recognition of DPOs (17 January 2024)
The European Data Protection Board (EDPB) is an independent EU body consisting of the EU's national data protection authorities and the European Data Protection Supervisor's representative. The EEA member states Iceland, Norway and Liechtenstein are also members of the EDPB. The EDPB is responsible for the uniform application of the EU General Data Protection Regulation and Law Enforcement Directive.