The Data Protection Commission (DPC) has announced its participation in the European Data Protection Board's 2024 Coordinated Enforcement Framework (CEF). The CEF is a European wide initiative where the European Data Protection Board (EDPB) will prioritise a specific aspect of data protection law and then cooperate with other data protection authorities to ensure that the chosen aspect is adequately enforced. The curent 2024 CEF will focus on the right of access as contained in Article 15 of the GDPR. Presently, 31 supervisory authorities in the European Economic Area have announced their participation in the CEF.
The DPC will begin its participation by sending out questionnaires to 30 data controllers across Ireland's public and private sector. These questionnaires will gauge how well the right to access is protected and whether organisation have been following the EDPB Guidelines 01/2022 on data subjects' rights. The DPC will then aggregate and anaylse the results in coordination with other European data protection authorities. Collectively, these data protection authorities will then decide on possible further supervision and enforcement actions. The DPC will also evaluate whether a formal investigation is necessary in the case of some data controllers. The EDPB will later publish an overall report once all actions are concluded.
As noted in the EDPB's Guidelines 01/2022, the right of access is an important element of the whole data protection system, enabling natural persons to have the control over their own personal data. The enforcement of this right is a crucial one for data subjects and an important issue for data controllers to be cognisant of.
A copy of the DPC's press release on the 2024 CEF may be found here. A copy of the EDPB's Guidelines 01/2022 on data subjects' rights can be found here.
