What is the right of access according to the GDPR?
82% of consumers will use their new rights following the GDPR.
A study carried out by Pegasystems on a panel of 7,000 consumers across 7 European countries has led to the following conclusion: 82% of European citizens, following the implementation of the GDPR, will make use of their new digital rights (right to be forgotten, right of access, right of modification, etc.). Italy leads the way with 90% of consumers planning to use their rights, ahead of Spain (89%) and France, which is in third place (86%).
This use of rights is explained by the fact that 93% of consumers say they are not comfortable with the use of their personal data by companies. The desire to make requests to exercise rights is generated by a lack of trust and by customer experiences that were unsatisfactory or not very satisfactory.
The right of access is the most important for European citizens.
About 8% of European consumers think that companies should not keep any personal data. On the other hand, keeping so-called basic data (name, first name or email address) is not seen as intrusive by 76% of them.
The attention of many consumers turns to the data held by companies: what they know about them, their habits, their daily lives. So, for 47% of them, the right of access is seen as the most important and most impactful right: knowing who knows what is essential to re-establishing a relationship of trust. The right of access allows to obtain confirmation that personal data are or are not processed. It is this right that will allow an individualised insight into the processing operations.
According to Article 15 of the GDPR, the individual, using his right of access, may request the following data from the company or administration:
- The purposes for which the personal data is processed;
- The recipients of the personal data;
- The duration of the storage of the personal data;
- The source of the personal data;
This information must be provided within one month by the data controller. Moreover, it must be provided “in a concise, transparent, comprehensible and easily accessible manner, in clear and simple terms” (Art. 12).
The new European regulation rebalances the relationship between individuals and organisations in all matters relating to personal data. The individual is once again the decision-maker, and in a position to control the collection, exchange and use of his or her personal data.
More transparency and control: this is the way to restore trust, and thus promote the healthy development of digital services. What remains to be done is to put in place simple and secure tools to enable everyone to reclaim their own data.