
The European Data Protection Board has published the results of the coordinated action in which more than twenty data protection authorities at European level have participated, including the Catalan Data Protection Authority (APDCAT). The objective has been to know the degree of application of the right of access to information relating to citizens' personal data processed by organizations throughout Europe. This report includes the challenges identified, good practices, as well as a list of recommendations to help those responsible to put into practice the appropriate mechanisms and procedures for the attention of the exercise of the right of access.
In this framework, the APDCAT addressed, during 2024, a survey to several entities (26) responsible for data processing in their area of action, which includes public sector entities in Catalonia and private entities that perform public functions.
The action has served to provide updated information on the degree of compliance with this right expressly included in the General Data Protection Regulation, which includes people's access to information relating to their personal data when it is processed by a certain organization and which serves to reinforce the obligation of transparency regulated in the GDPR regarding how personal data is processed. Thus, this right allows individuals to know whether the entity in question processes their personal data, and, if so, what data it is, the purpose of the processing, the categories of personal data that are processed and the recipients to whom the data have been or will be communicated, the planned period of conservation, the origin of the data, when they have not been obtained from the affected person himself, whether they will be used to develop profiles with automated decisions, whether they will be transferred outside the EU with guarantees, as well as the right to request the rectification or deletion of the data, the limitation of the processing or the right to object to it, the right to file a complaint with the competent supervisory authority.
The APDCAT has participated in this action jointly with the Spanish Data Protection Agency and the Andalusian Transparency and Data Protection Council.
The Catalan Data Protection Authority has participated together with more than twenty European supervisory authorities in an action promoted by the European Data Protection Board, to learn about compliance with the right of access to European entities.