Published: 18 August 2021
“This case highlights the importance of controllers knowing exactly where the personal data they are legally responsible for are located. Archived data has as much capacity for harm as other forms of data and needs to be part of the overall data governance framework of any organisation. We are grateful for the full cooperation of the Controller in this case and hope it serves to remind us all to be prepared to respond to rights requests from individuals. The right of access, as exercised in this case, is a very important part of the data protection law and individuals seeking access to information about themselves have the right to expect timely and complete responses.”
Legal Framework