Overview
Ashley Winton said there is confusion about how best to comply with data subject access requests. “Helpfully, the GDPR appears to codify earlier CJEU Cases C-141/12 and C-372/12 . . . and sets out that the purpose of the right of access is to allow the data subject to ‘be aware of, and verify, the lawfulness of the processing.’ This may help limit the worst of the fishing expeditions,” he said.