Skip to content

Definition: Data Portability (GDPR)

The Right to Data Portability, established under GDPR (Article 20), allows individuals (data subjects) to obtain and reuse their personal data for their own purposes across different services. It enables them to receive personal data they have provided to a controller in a structured, commonly used, and machine-readable format, and gives them the right to transmit that data to another controller without hindrance from the original controller.

Key Aspects:

  • Format: Data must be provided in a format that is easily transferable and usable by other systems (e.g., CSV, JSON, XML).
  • Basis: Applies primarily when the legal basis for processing the data is consent or the performance of a contract, and the processing is carried out by automated means.
  • Purpose: Empowers individuals with greater control over their data and encourages competition between services.
  • Impact: Requires organizations to have mechanisms in place to export specific user data in a structured, machine-readable format upon valid request, affecting data extraction and export capabilities of systems managed or migrated by Helix.