If the data subject repeats a first request for access on the grounds that the answer received was not complete or that no reasons had been given for the refusal, this request is not to be regarded as a new request, since it is merely a reminder of a first unsatisfied request.
Concerning the allocation of costs in cases of requests for an additional copy, Art. 15(3) establishes that the controller may charge a reasonable fee based on the administrative costs that are caused by the request. This means, that the administrative costs are a relevant criterion for fixing the level of the fee. At the same time, the fee should be appropriate, taking into account the importance of the right of access as a fundamental right of the data subject. The controller should not pass on overhead costs or other general expenses to the data subject, but should focus on the specific costs that where caused by providing the additional copy. When organising this process the controller should deploy its human and material resources efficiently in order to keep the costs of the copy low. In line with the accountability principle the controller should be able to demonstrate the adequacy of the fee.
In case the controller decides to charge a fee, the controller should indicate the amount of costs it is planning to charge to the data subject in order to give the data subject the possibility to determine whether to maintain or to withdraw the request.
22.214.171.124 Making the information available in a commonly used electronic form
In the event of a request by electronic form means, information shall be provided by electronic means where possible and unless otherwise requested by the data subject (see Art. 12(3)). Art. 15(3), third sentence, complements this requirement in the context of access requests by stating, that the controller is in addition obliged to provide the answer in a commonly used electronic form, unless otherwise requested by the data subject. Art. 15(3) presupposes, that for controllers who are able to receive electronic requests it will be possible to provide the reply to the request in a commonly used electronic form (e.g. in PDF). This provision refers to all the information that needs to be provided in accordance with Art. 15(1) and (2). Therefore, if the data subject submits the request for access by electronic means, all information must be provided in a commonly used electronic form. Questions of format are further developed in section 5. The controller should, as always, deploy appropriate security measures, in particular when dealing with special category of personal data (see below, under 2.3.4 ).
2.2.3 Possible limitation of the right of access
Finally, in context of the right of access, a specific limitation is foreseen in Art. 15 (4). It states, that possible adverse effects on the rights and freedoms of others have to be considered. Questions as to the scope and the consequences of this limitation as well as to additional limits and restrictions set forth in Art. 12(5) or under Art. 23 GDPR are explained in section 6.
2.3 General principles of the right of access
When data subjects make a request for access to their data, in principle, the information referred to in Art. 15 GDPR must always be provided in full. Accordingly, where the controller processes data relating to the data subject, the controller shall provide all the information referred to in Art. 15 (1) and, where applicable, the information referred to in Art. 15(2). The information must be complete, correct and up-to-date, corresponding as close as possible to the state of data processing at the time of receiving the request. Where two or more controllers process data jointly, the arrangement of the joint controllers regarding their respective responsibilities with regards to the exercise of data subject’s rights, especially concerning the answer to access requests, does not affect the rights of the data subjects towards the controller to whom they address their request13.