On August 8, the CNIL provided guidelines for responding to a right-of-access request (source document in French). The CNIL requires a data controller to respond to a right-of-access request free of charge within one month or, where the request is complex, within two additional months. The data controller must inform the data subject of a decision not to answer his or her request.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.