Ireland’s Data Protection Commission weighs in on the issue of COVID-19 and data access requests:
“The Data Protection Commission acknowledges the significant impact of the Covid-19 health crisis which may affect organisations’ ability to action GDPR requests from individuals, such as access requests.
While the statutory obligations cannot be waived, should a complaint be made to the DPC, the facts of each case including any organisation specific extenuating circumstances will be fully taken into account.”
Organizations should:
- communicate with individuals about the handling of their request, including any extension to the period for responding and the reasons for the delay
- consider whether it is possible to respond to requests in stages. For example, if hard copy records cannot be accessed, provide the requester with electronic records, with hard copies provided later.
- communicate clearly
- engage with individuals in order to ensure that the request is as specific as possible in relation to the personal data sought.
- ensure that the request is actioned as soon as possible.
- document the reasons for not complying with timelines