[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6z96jBvhvvMKwsrf7AqYKhQHlloPDKfG-c44Nro0m9Q":3},{"tableOfContents":4,"markDownContent":5,"htmlContent":6,"metaTitle":7,"metaDescription":7,"wordCount":8,"readTime":9,"title":10,"nbDownloads":11,"excerpt":7,"lang":12,"url":13,"intro":14,"featured":4,"state":15,"author":16,"authorId":17,"datePublication":21,"dateCreation":22,"dateUpdate":23,"mainCategory":24,"categories":44,"metaDatas":50,"imageUrl":7,"imageThumbUrls":51,"id":52},false,"This right provided for in **article 15 of the GDPR** allows any person to ask an organisation **if it holds [personal data](https://www.dastra.eu/en/guide/personal-data/56315)** concerning him or her, and to request **a copy** of it in an **understandable format** and **at a cost not exceeding that of reproduction**. \r\n\r\nIf the organisation has **doubts about the identity of the person**, it may ask him or her to attach any document that makes it possible to **prove his or her identity**.\r\n\r\nThe person can therefore find out:  \r\n* What is the [**purpose of the processing**](https://www.dastra.eu/en/guide/purpose-of-processing/56312)\r\n* What **categories of personal data are processed**? \r\n* Who are the **recipients** to whom the personal data has been or will be communicated,\r\n* [**how long the data will be kept**](https://www.dastra.eu/en/guide/data-retention-period/56323) \r\n* The possibility of **exercising other rights** (right of rectification, deletion, limitation, opposition),\r\n* The possibility of **referring to the data protection authority**,\r\n\r\nHowever, access to certain files is particularly restricted. This is the case, for example, with **certain police files or files concerning State security**. \r\nThe law **does not** authorise an individual to access information contained in these files directly. However, access may be granted **indirectly via the CNIL**. \r\nThe same applies to files that may infringe **intellectual property rights** or **business secrets**. \r\n\r\n### **How to make an access request**\r\n\r\nThe request may be made **verbally** or in **writing**, through any medium (including social networks) and to any person within the organisation. \r\n\r\n### **How long does the organisation have to respond to the request?**\r\n\r\n- In principle, the response time is **a maximum of one month from the date of the request**.\r\n- It may be extended to **three months** in view of the **complexity** and number of requests, on **the condition that the data subject is informed within one month** of his or her request for right of access.\r\n- If the request concerns **health data**, the response time is in principle **eight days**, subject to national exceptions\r\n\r\n\r\n\r\n\r\n\r\n","\u003Cp>This right provided for in \u003Cstrong>article 15 of the GDPR\u003C/strong> allows any person to ask an organisation \u003Cstrong>if it holds \u003Ca href=\"https://www.dastra.eu/en/guide/personal-data/56315\">personal data\u003C/a>\u003C/strong> concerning him or her, and to request \u003Cstrong>a copy\u003C/strong> of it in an \u003Cstrong>understandable format\u003C/strong> and \u003Cstrong>at a cost not exceeding that of reproduction\u003C/strong>.\u003C/p>\r\n\u003Cp>If the organisation has \u003Cstrong>doubts about the identity of the person\u003C/strong>, it may ask him or her to attach any document that makes it possible to \u003Cstrong>prove his or her identity\u003C/strong>.\u003C/p>\r\n\u003Cp>The person can therefore find out:\u003C/p>\r\n\u003Cul>\r\n\u003Cli>What is the \u003Ca href=\"https://www.dastra.eu/en/guide/purpose-of-processing/56312\">\u003Cstrong>purpose of the processing\u003C/strong>\u003C/a>\u003C/li>\r\n\u003Cli>What \u003Cstrong>categories of personal data are processed\u003C/strong>?\u003C/li>\r\n\u003Cli>Who are the \u003Cstrong>recipients\u003C/strong> to whom the personal data has been or will be communicated,\u003C/li>\r\n\u003Cli>\u003Ca href=\"https://www.dastra.eu/en/guide/data-retention-period/56323\">\u003Cstrong>how long the data will be kept\u003C/strong>\u003C/a>\u003C/li>\r\n\u003Cli>The possibility of \u003Cstrong>exercising other rights\u003C/strong> (right of rectification, deletion, limitation, opposition),\u003C/li>\r\n\u003Cli>The possibility of \u003Cstrong>referring to the data protection authority\u003C/strong>,\u003C/li>\r\n\u003C/ul>\r\n\u003Cp>However, access to certain files is particularly restricted. This is the case, for example, with \u003Cstrong>certain police files or files concerning State security\u003C/strong>.\r\nThe law \u003Cstrong>does not\u003C/strong> authorise an individual to access information contained in these files directly. However, access may be granted \u003Cstrong>indirectly via the CNIL\u003C/strong>.\r\nThe same applies to files that may infringe \u003Cstrong>intellectual property rights\u003C/strong> or \u003Cstrong>business secrets\u003C/strong>.\u003C/p>\r\n\u003Ch3 id=\"how-to-make-an-access-request\">\u003Cstrong>How to make an access request\u003C/strong>\u003C/h3>\r\n\u003Cp>The request may be made \u003Cstrong>verbally\u003C/strong> or in \u003Cstrong>writing\u003C/strong>, through any medium (including social networks) and to any person within the organisation.\u003C/p>\r\n\u003Ch3 id=\"how-long-does-the-organisation-have-to-respond-to-the-request\">\u003Cstrong>How long does the organisation have to respond to the request?\u003C/strong>\u003C/h3>\r\n\u003Cul>\r\n\u003Cli>In principle, the response time is \u003Cstrong>a maximum of one month from the date of the request\u003C/strong>.\u003C/li>\r\n\u003Cli>It may be extended to \u003Cstrong>three months\u003C/strong> in view of the \u003Cstrong>complexity\u003C/strong> and number of requests, on \u003Cstrong>the condition that the data subject is informed within one month\u003C/strong> of his or her request for right of access.\u003C/li>\r\n\u003Cli>If the request concerns \u003Cstrong>health data\u003C/strong>, the response time is in principle \u003Cstrong>eight days\u003C/strong>, subject to national exceptions\u003C/li>\r\n\u003C/ul>\r\n",null,339,2,"Access right",0,"en","access-right","Understanding the basic concepts of the General Data Protection Regulation: access right\r\n","Published",{"id":17,"displayName":18,"avatarUrl":19,"bio":7,"blogUrl":7,"color":7,"userId":17,"creationDate":20},38,"Paul-Emmanuel Bidault","https://static.dastra.eu/tenant-27/avatar/38/paul-emmanuel-bidault-150.jpg","2019-12-03T19:09:28","2023-12-27T09:32:39.072","2023-12-27T10:32:37.3601815","2023-12-27T10:38:57.1513632",{"id":25,"name":26,"description":27,"url":28,"color":29,"parentId":7,"count":7,"imageUrl":30,"parent":7,"order":11,"translations":31},21,"Glossary","Definition of every word used by Dastra","glossary","#643bb0","https://static.dastra.eu/tag/b308b9d3-37af-4e92-8354-ab8adec1740a/documentation-1000.png",[32,36,40],{"lang":33,"name":34,"description":35},"fr","Glossaire","La définition de tous les termes utilisés dans Dastra",{"lang":37,"name":38,"description":39},"es","Glosario","La definición de todos los términos utilizados en Dastra",{"lang":41,"name":42,"description":43},"de","Glossar","Die Definition aller in Dastra verwendeten Begriffe",[45],{"id":25,"name":26,"description":27,"url":28,"color":29,"parentId":7,"count":7,"imageUrl":30,"parent":7,"order":11,"translations":46},[47,48,49],{"lang":33,"name":34,"description":35},{"lang":37,"name":38,"description":39},{"lang":41,"name":42,"description":43},[],[],56322]