Rock the OneTrust Certified Privacy Pro Exam 2026 – Privacy Pros, Prepare to Shine!

Question: 1 / 400

What is the maximum time limit for responding to data subject access requests under GDPR?

Two weeks

One month

Under the General Data Protection Regulation (GDPR), the maximum time limit for responding to data subject access requests is one month. This timeframe is established to ensure that individuals can receive timely access to their personal data held by organizations.

The GDPR recognizes the importance of allowing data subjects to exercise their rights efficiently. Therefore, when a request is received, the organization is required to respond without undue delay and, in any case, within one month of receiving the request. This period can be extended by a further two months where the request is complex or where there are numerous requests, but the initial timeframe remains one month.

This one-month period helps to balance the rights of individuals seeking information about their data with the practical considerations organizations face in handling such requests. It ensures accountability and fosters transparency in data processing activities, which are core principles of the GDPR.

Get further explanation with Examzify DeepDiveBeta

Three months

Six months

Next Question

Report this question

Download OneTrust Certified Privacy Professional Practice Exam PDF Study Guide
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy