Assuming that the “without undue delay” provision is followed, what is the time limit for complying with a data access request?
Start-up company MagicAI is developing an AI system that will be part of a medical device that detects skin cancer. To take measures against potential bias in its AI system, the IT Team decides to collect data about users' ethnic origin, nationality, and gender.
Which would be the most appropriate legal basis for this processing under the GDPR, Article 9 (Processing of special categories of personal data)?
An organization receives a request multiple times from a data subject seeking to exercise his rights with respect to his own personal data. Under what condition can the organization charge the data subject a fee for processing the request?
In which of the following cases, cited as an example by a WP29 guidance, would conducting a single data protection impact assessment to address multiple processing operations be allowed?