Tagged as: Österreichische Post AG

European Top Court Confirms Companies Need to Name “Recipients” of Personal Data When Responding to Access Requests, Not Just Categories

On January 12, 2023, the Court of Justice of the European Union (“CJEU”) ruled in case C-154/21 | Österreichische Post AG that controllers must provide the specific identity of any “recipient” of personal data in response to a GDPR access request. While the GDPR itself states that controllers may inform…

Read More