According to Article 15 of the General Data Protection Regulation (GDPR) of the EU, users (called data subjects) have the right to access personal data handled by organizations (called data controllers) and their processors. Currently the results of these requests delivered by data controllers, even by the big players of the IT landscape, vary heavily in quality. This makes it very challenging for data subjects to comprehend which of their data is stored, processed or shared for which purpose.
The goal of this thesis is to analyze request results of selected data controllers over the duration of the thesis and find or develop meaningful tools to assist in this process.
Exemplary tasks include:
- Identify relevant Data Controllers
- Initiate Right of Access (RoA) requests
- Develop methodology and tool assistance to analyze results
- Identify appropriate measures to improve result and forward them as recommendations to Data Controllers
- Observe changes in result quality over time