How long do I have to comply with a data subject request?

read titleRead full title
Published on LexisPSL on 10/12/2020

The following Risk & Compliance Q&A provides comprehensive and up to date legal information covering:

  • How long do I have to comply with a data subject request?

The General Data Protection Regulation (GDPR) provides for enhanced rights for data subjects including providing rights of access, rectification, erasure and restriction of processing, data portability, a right to object to processing and a right not to be subject to a decision based solely on automated processing, including profiling, with strict time limits for complying.

You must respond to a data subject request without undue delay and in any event within one month of receipt of the request, or within one month of receiving:

  1. any information you have requested to confirm the requester’s identity

  2. any fee you have charged

See Q&As: How do I calculate the time limit for responding to a data subject request?, Handling data subject requests—if I request further identity information, when does the clock start ticking? and Can I charge a fee for dealing with a data subject access request?

The one-month period for responding may be extended by two further months where necessary, taking into account the complexity and number of the requ

Popular documents