Printer Friendly, PDF & Email

Your organization has received a data access request. What now?

Patrick O’Kane ( is a London-based UK Lawyer (Barrister) and Data Protection Officer for a US Fortune 100 company.

There has been something of a tsunami of privacy regulation over the past few years, and this is set to accelerate. According to Gartner, 10% of the world’s population in 2020 had a modern privacy law regulating the use of personal data, and it predicts that by 2023, 65% of the world’s population will have a modern privacy law.[1]

Since 2018, we have had major privacy laws implemented: the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the US, and the General Data Protection Act in Brazil. A major new privacy law is expected in India—the Personal Data Protection Bill—in 2021.

These regulations have many features in common, including security requirements, large penalties and fines for breaches of the regulation, and privacy notice requirements. They also share an important common feature. They give individuals the right of access over their personal data. Under privacy regulations, an access request is usually a right for an individual to access and receive a copy of all of the personal data your company holds on them. This may include any record containing their name or information.

This document is only available to members. Please log in or become a member.