Skip to content

Definition: Right to Access (GDPR)

The Right to Access, also known as a Subject Access Request (SAR) under GDPR (Article 15), grants individuals (data subjects) the right to obtain confirmation from an organization (data controller) as to whether or not personal data concerning them is being processed, and, where that is the case, access to that personal data.

Key Components of the Right:

  • Confirmation: Verification that data is being processed.
  • Access to Data: A copy of the personal data undergoing processing.
  • Supplementary Information: Details including the purposes of processing, categories of personal data concerned, recipients or categories of recipients, retention periods, information about their rights (rectification, erasure, restriction, objection), the right to lodge a complaint, data source information (if not collected from the individual), and the existence of automated decision-making, including profiling.
  • Impact: Requires organizations to have robust systems for identifying, locating, retrieving, and providing all relevant personal data for a specific individual across potentially diverse systems, including active applications and archives. This highlights the importance of effective search and retrieval capabilities in ECM and archive systems.