Know your rights. Right of access. Why and how to ask companies for copies of your data.

As consumers, we're all aware that companies collect our data. But did you know that you can request a copy of your data, a full breakdown of all your personal information you have shared with organizations? The first step towards understanding and controlling how your data is handled by organizations is to see where you stand right now. And with the right to access, you’ve got the power!

What it is

The "Right of Access" (article 15 - GDPR)gives you the authority to ask organizations about how they handle your personal data and obtain copies of that data. Whether it's your name, address, online behavior, or other personal details, you have the right to know who has it, what they're doing with it, who they're sharing it with, and where they got it from.

The right of access is the right to get a copy of your data, free of charge, in an accessible format. Organizations and companies should reply to you within one month and have to give you a copy of your personal data and any relevant information about how the data has been used, or is being used.

Example story:

You are a fan of online shopping. You sign up for a new online boutique's loyalty program, and after a few weeks, you start receiving emails with discounts on products that you have viewed but haven't yet bought. Do these tailored offers have anything to do with your recent sign-up, if they are tracking your browsing patterns, the items you add to your wishlist, and your purchase history?

The simplest way to find out is to reach out to the boutique and ask them what kind of data they have on your shopping habits and how they are using it.

They are obliged by the GPDR law to answer and provide you with a copy of the data they have on you. Then, you'll be informed and decide whether you find this too intrusive (and exercise your right to withdraw consent, restrict processing or to be forgotten), or you may benefit from personalized discounts targeting the exact products you like.

How to make a data request

A data request is an inquiry that allows you to access the information that companies have collected data about you. This could include personal details like your name and address, as well as behaviors such as which websites you visit or what products you've purchased.

Follow these simple tips so you're more likely to get the information you want:

• Submit your request in writing (by email or by post)
• Include your name, an email or postal address, and other relevant contact information.
• State clearly that you are making a request for information and describe the information you want to receive, anything from contact and financial information to medical records and biometric data. Be as specific as possible about  you need, or ask straightforward questions.

If you need help, Digital Identity Protection is only one click away. Not only it shows you what companies and organizations have data on you, but it comes with pre-written emails for them to retrieve or delete your information. All you have to do is fill in your name and press “send”.

What to expect

You can send requests to public authorities, organizations, and data controllers. Some of them recommend you send requests to specific email addresses or use forms on their website. You do not have to follow these instructions, but it is often the quickest way for the organization to deal with your request.

Once the data subject access request is received, the organization has one month to provide the requested information. If they cannot provide the requested data within this time period, they must explain why this is the case. They are not allowed to reject a data subject access request or impose unreasonable conditions on the provision of the requested data. If you believe your request has been improperly handled, you can make a complaint to your local data protection authority.

Make use of your right of access and get control over your data.

The US. In the US, employees have the right to get copies of their data in certain situations. Parents can also get copies of online information collected from their kids under 13. If you're dealing with health services, under HIPAA, you can request copies of your medical info.

On a state level, California residents are given the right to access their personal information held by a business, thanks to the CCPA. Recent state privacy laws like CPRA, Virginia CDPA, Colorado Privacy Act, Utah Consumer Privacy Act, and Connecticut Privacy Act provide a similar right.

Level up your privacy, with solutions that encrypt, monitor and protect your data.