Recital 64

1 The controller should use all reasonable measures to verify the identity of a data subject who requests access, in particular in the context of online services and online identifiers. 2 A controller should not retain personal data for the sole purpose of being able to react to potential requests.

This recital of the General Data Protection Regulation clarifies article 15 GDPR (Right of access by the data subject).*

The reference between articles and recitals is based on the professional assessment of

Contact us!

Assistance with data protection?

Subscribe to our free newsletter! 

Secure the knowledge of our experts!

Subscribe to our free newsletter: