General Data Protection Regulation (GDPR)
The European Union’s General Data Protection Regulation (GDPR), put into effect in May 2018, was the first comprehensive and extensive data protection and privacy legislation of its kind. It is so all-encompassing and of such sheer magnitude and importance that it has significantly impacted the way data privacy is approached internationally. Numerous data protection acts use the GDPR as a model on how to structure themselves, such as California’s CCPA and Connecticut’s CTDPA.
The GDPR was created to give individuals back the right to assert control over their own data. One of its important sub-categories is a section on the right of access. This allows individuals to retrieve information about the data an organization holds about them, why that entity has that data, how it is used, and other information relating to it.
With the GDPR, the right to access data was expanded upon with new mandatory information that organizations must provide to individuals upon request. It also made it easier for individuals to submit their requests, access their data, and get information.