The European Data Protection Board (‘EDPB’) recently published draft Guidelines (‘the Guidelines’) on the right of access, bringing some clarity to several operational aspects of responding to access requests. Whilst the Guidelines are informative, they raise the bar in regard to what is expected of controllers. In particular, the EDPB’s rejection of any proportionality limit with […]
