Article 20 of the GDPR: Right to data portability
Article 20 of the GDPR explained
This right applies:
- When the processing is based on the consent or l’execution of a contract ;
- And it is carried out using automated processes.
The data subject may:
- Obtain the data it has provided (including actively or by observing its behavior);
- Receive them in an easily reusable format;
- Pass them on to another service (if technically possible).
Why is this article important for your GDPR compliance?
This right strengthens the freedom of choice and competition between digital services. It allows users to change providers without losing their data. Failure to respect it can slow down the mobility of people and expose them to sanctions.
How to comply with Article 20 of the GDPR?
- Offer users one tool for downloading their data in a standard format (eg: CSV, JSON).
- Document the data types involved and the transfer procedure.
- Check that your systems are interoperable with other platforms.
- Respond to requests in a period of one month.
Examples of application of Article 20 of the GDPR
- A streaming platform allows users to export their viewing history and preferences.
- A mobile operator provides its customer with its invoices and usage data in a readable file.
- A bank offers export of all transactions and personal data from the secure customer area.
Related Resources
Accelerate your compliance in just a few clicks
- Automate your compliance with our GDPR software
- Supported or outsourced by our DPO experts
- Raise awareness among your teams with our GDPR training e-learning
👉 Request a demo with an expert
⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis:
