Frequently asked questions about information systems

Article 15 of the General Data Protection Regulation provides for the data subject's right of access to data concerning him or her. Under this right of access, a customer also has the right to know the times and purposes of any queries made on his or her personal data, if user log data has been collected in relation to the processing of personal data.

The level of detail to which a person is entitled to access log data is always assessed on a case-by-case basis. The assessment must take into account what information is sufficient to exercise data protection rights. In the Supreme Administrative Court ruling KHO:2025:51, the customer had the right to be informed of the time of processing of his or her customer data with the date but not with the exact time.

However, the customer has no right to know the identity of the employees who have processed his or her personal data, unless this information is necessary for the exercise of data protection rights. The rights and freedoms of employees must also be taken into account in a case-by-case assessment.

Frequently asked questions about information systems

Can the customer of the company be entitled to log data by virtue of the right of access?

Common topics