The Irish Data Protection Commissioner has issued some new guidance on Limiting Data Subject Rights and the Application of Article 23 of the General Data Protection Regulation.
The General Data Protection Regulation (EU) 2016/679 (the GDPR) raises the bar for data controllers and data processors. It reinforces their obligations over the personal data they process through increased transparency, security and accountability requirements.
At the same time the GDPR standardizes and strengthens the right of all data subjects by providing a framework as to how those rights are to be exercised. The GDPR also prescribes a mechanism (as per Article 23) to permit the restrictions of those rights in particular and specific circumstances.
The purpose of DPC's guidelines is to assist organisations to implement and apply lawful restrictions of those rights and obligations provided for in Articles 12 - 22 and Article 34 of the GDPR.
Download the guidance from the DPC's website [PDF].