The organization must be able to provide the data subject with a copy of the personal data being processed at the data subject's request.
The organization must plan in advance a process by which a copy of the personal data can be delivered in a structured and commonly used format and securely to the data subject.
The data subject shall have the right to obtain the personal data provided to the controller in a structured, commonly used and machine-readable form and, if he so wishes, to transfer such data to another controller. This can mean, for example, a way to download data added to a web service at a time in a general format (eg XLS, XML, JSON).
The right applies when the following conditions are met:
The right does not cover data that have been generated by the controller himself on the basis of data provided by the data subject (e.g. health assessments) or that have been compiled from the analysis of data generated from the data subject's monitoring (such as profiling).
Our organization is aware of situations where the data subject has the right to transfer their data. We have designed policies for these situations, which may include e.g.: