According to the European Data Protection Board, controllers responding to a data subject access request can refuse to provide a copy of personal data under certain conditions. Which of the following is NOT one of these conditions?
A.
If the data subject access request was sent to an employee that is not involved in the processing of such requests.
B.
If there is such a large amount of data that the controller cannot identify the data subject of the request.
C.
If the controller is unable to use end-to-end encrypted emails for responding to such requests.
D.
If the personal data was processed in the past but is no longer at the controller’s disposal at the time of the request.
A. If a data subject is (i.e.) not informed about where he can file his request, the employee who receveid the request should send it to the relevant department to process the request according to the GDPR. It cannot be a reason for a employer to say: 'you sent yopur request to the wrong employee so we so not have to grant you your GDPR-right. That would be way to easy a way to avoid the applicability of th GDPR.
C. If the controller is unable to use end-to-end encrypted emails for responding to such requests: This is not a valid reason to refuse a request. While security in transmission is important, alternative secure methods should be sought if end-to-end encryption is not feasible.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Janevol
2 weeks, 2 days agohele_meneer
5 months, 2 weeks agoaliblabla
5 months, 3 weeks agoSsourav
6 months agoARAWAD
9 months ago