Absent Guidelines, Many Questions on Facilitating EU DSARs
At present, companies acting as data controllers lack uniform interpretation of the rules that guide their compliance efforts to respond to data subject rights requests under the EU General Data Protection Regulation. Nevertheless, controllers are expected to adopt internal processes to address such requests in accordance with the applicable legislation. The European Data Protection Board plans to make draft guidelines available in several months for public consultation, giving stakeholders the opportunity to comment. Only after the analysis of the comments received, the EDPB will adopt final guidelines, likely in the second half of the year.