Right of Access to Personal Data under the GDPR: A Practical Guide with Real-World Case Studies
BDO Slovakia, in collaboration with BDO Legal partners across Europe, has developed “A Legal Guide to the Right of Access in the GDPR”, mapping real-life cases, common errors, and decisions by data protection authorities, including those from Slovakia.
A Legal Obligation – Not a Choice
Article 15 of the GDPR guarantees individuals the right to know what personal data a company processes about them, why, and with whom it is shared. Every organization acting as a data controller is legally required to respond to such requests, in principle, within one month. Failure to respond, delayed responses, or incomplete information constitute violations of the regulation – and in practice, can lead to fines, regulatory scrutiny, or loss of client trust.
What Are the Most Common Mistakes in Practice?
- Formal obstacles to exercising the right: such as requiring notarized signatures from the applicant, which is inconsistent with Article 12(5) of the GDPR.
- Failure to process the request without undue delay or within the specified timeframe, or lack of notification about time extensions in justified cases.
- Incomplete or vague responses that do not include all required information (e.g., categories of recipients, data sources, data subject rights).
- Confusion between the right of access to personal data and the right of access to documents, particularly in public administration, where this often leads to misinterpretation of obligations.
Recommended Measures for Organizations
- Establish and regularly update internal guidelines on processing data subject rights and ensure their effective implementation in practice.
- Conduct regular staff training, especially for employees in direct contact with clients (HR, customer service, legal departments).
- Implement system tools for efficient data search, retrieval, and output.
- Set up secure channels for data delivery (e.g., encrypted email, secure portals).
- Continuously test and document all stages of handling access requests as evidence of compliance.
Download the Expert Guide by BDO
The Right of Access in the GDPR guide serves as a practical tool for legal professionals, compliance managers, and data protection officers. It includes dozens of case studies from jurisdictions such as Slovakia, Belgium, Germany, Italy, and the Netherlands. Should you require expert consultation on GDPR compliance or internal control mechanisms, feel free to contact us.