EDPB launches its CEF action for 2024 on the right of access

Written by Kieran Harte

On 28 February 2024, the European Data Protection Board (EDPB) commenced this year’s Coordinated Enforcement Framework (CEF) action on the right of access. This follows its adoption in 2023 of Guidelines on data subject rights – Right of access to assist data controllers to appropriately respond to data access rights requests in accordance with the obligations set out in the GDPR.

Throughout 2024, 31 Supervisory Authorities (SAs), right across the EEA will participate in this initiative on the implementation of the right of access. The choice of the right of access by the EDPB at its October 2023 plenary stemmed from it being a fundamental part of data protection and is one of the most frequently exercised data subject rights that has led to a high volume of related complaints received by SAs. The right of access is commonly seen as an enabler for individuals to check whether their personal data is being processed in a compliant manner by data controllers. Moreover, it also facilitates the exercise of other data subject rights, such as the right of rectification and erasure.

To gauge compliance by data controllers with the right of access in practice, the CEF will be implemented by SAs through either of the following means:

questionnaires sent to data controllers as part of a fact-finding exercise or to identify if a formal investigation is warranted;
commencement of a formal investigation;
and/or follow-up of ongoing formal investigations.

In a similar way to previous CEFs, the results of the CEF will be analysed in a coordinated manner, followed by a joint decision of possible further supervision and enforcement actions. The aggregated results will generate deeper understandings into the topic that allows targeted follow-up at national and EU level. A report on the outcome of the analysis will be published by the EDPB following the conclusion of the resulting actions.

This series of actions is the third initiative under the Coordinated Enforcement Framework (CEF), which aims to streamline enforcement and cooperation among SAs through yearlong coordinated actions and investigations of a pre-agreed topic.

Previous coordinated actions examined the use of cloud services by the public sector, in 2022, and the designation and position of Data Protection Officers, in 2023.

EDPB launches its CEF action for 2024 on the right of access

More ICS News

IT Professionals Survey Launched

Prepare for NIS2 with ICS Training

EU AI Act – Will I need to conduct a Data Protection Impact Assessment? What about a Fundamental Rights Impact Assessment?

Unlocking Insights: Highlights at the Annual Data Protection Conference

EY Hosts Briefing on NIS2 Directive

EDPB launches its CEF action for 2024 on the right of access

More ICS News

IT Professionals Survey Launched

Prepare for NIS2 with ICS Training

EU AI Act – Will I need to conduct a Data Protection Impact Assessment? What about a Fundamental Rights Impact Assessment?

Unlocking Insights: Highlights at the Annual Data Protection Conference

EY Hosts Briefing on NIS2 Directive

Discover more from Irish Computer Society