Right to Data Portability
Description
Data subjects have the right to receive their personal data in a structured, commonly used, machine-readable format, and the right to transmit it to another controller.
⚠️ Risk Impact
Portability requests are infrequent but high-profile when they fail. Data formats that aren't standard or aren't complete generate complaints and DPA escalations.
🔍 How EchelonGraph Detects This
EchelonGraph's Tier 1 Cloud Scanner automatically checks for this condition across all connected cloud accounts. Violations are flagged as medium-severity findings with remediation guidance.
🔧 Remediation
Provide a self-service data export (JSON / CSV). Cover all categories of data collected on a consent or contract basis. Meet the 1-month SLA. Document exports.
💀 Real-World Attack Scenario
A user requested a data export from a SaaS provider. The export contained the JSON structure but omitted user-generated content (comments, uploads); the provider argued that 'derivative data isn't personal data'. The DPA disagreed, imposed a €400K fine, and ordered comprehensive exports.
💰 Cost of Non-Compliance
Article 20 violations: average €300K-€1M.
📋 Audit Questions
- 1. Export format?
- 2. Categories covered?
- 3. SLA tracking?
- 4. Recent export examples?
⚡ Common Pitfalls
- ⛔ Export missing user-generated content
- ⛔ Format that isn't machine-readable
- ⛔ 1-month SLA exceeded
📈 Business Value
Compliant portability supports customer trust and reduces friction.
⏱️ Effort Estimate
Per-request workflow
EchelonGraph integrates with DSR platforms