The ECJ ruling clarifies that data controllers must provide comprehensive and clear information to data subjects regarding the processing of their personal data, including their right to access and rectify their information.
The European Court of Justice (ECJ) has issued a ruling on the General Data Protection Regulation (GDPR) that emphasizes the importance of data subject rights to information. The ruling clarifies the extent to which data controllers must provide information to data subjects regarding the processing of their personal data. According to the ruling, data controllers must provide data subjects with comprehensive and clear information about the processing of their personal data. This includes information on the purposes of the processing, the categories of personal data processed, and the recipients of the data. The data controller must also inform the data subject of their right to access and rectify their personal data.
ECJ clarifies that data controllers must provide a complete copy of personal data requested by data subjects and emphasizes the importance of providing information in a clear and concise manner.
Additionally, the ECJ ruling clarifies that the data controller must provide a copy of the data requested to the data subject based on the consideration of the usual meaning of copy. The ECJ also notes in this ruling that the term ‘copy’ does not relate to a document as such, but to the personal data which it contains and which must be complete. As a result the copy must contain all the personal data undergoing processing. The ruling also emphasizes the importance of providing the information in a clear and concise manner. The information must be easily accessible and understandable to the data subject. The data controller must use clear and plain language, avoiding technical jargon or legal terms that may be difficult for the data subject to understand.
ECJ ruling emphasizes that data controllers must provide information free of charge and clarifies that the right of access must enable data subjects to ensure that their personal data is correct and processed lawfully.
The ECJ ruling emphasizes that data controllers must provide this information free of charge. The data subject should not be charged for accessing their personal data or for requesting that their data be rectified or erased. This ensures that data subjects are not discouraged from exercising their rights due to financial barriers. This ruling from the ECJ ruling also clarifies that the right of access provided for in Article 15 of the GDPR must enable the data subject to ensure that the personal data relating to him or her are correct and that they are processed in a lawful manner.
Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both Data Protection Officer outsourcing, and GDPR and Data Protection Act 2018 consultancy services, as well as Telecom Regulatory Consultancy. We can help your company get on track towards full compliance. Contact us today.