On 20th January 2025, the European Data Protection Board (EDPB) adopted a report on the implementation of data controllers' right of access. It summarises the results of a European action carried out by certain supervisory authorities in 2024. In this context and at the same time as other authorities, the CNPD launched a consultation on the right of access for data controllers established in Luxembourg.
This report summarises the main implementation problems observed among 1,185 participating data controllers and proposes a series of recommendations and best practices. This report will therefore be very useful reading for any data controller seeking to improve the implementation of the right of access.
The right of access is at the heart of data protection and is one of the most frequently exercised rights in data protection. It also enables data subjects to exercise other rights relating to data protection, such as the right of rectification and erasure.