Table of Contents
Article 1: Definitions
Article 2: Scope of Application of the Decree by Law
Article 3: Bureau's Power of Exemption
Article 4: Cases of Processing Personal Data without the Consent of its Owner
Article 5: Personal Data Processing Controls
Article 6: Terms of Consent to Data Processing
Article 7: The Controller's General Obligations
Article 8: The Processor's General Obligations
Article 9: Reporting Personal Data Breach
Article 10: Appointing Data Protection Officer
Article 11: Roles of Data Protection Officer
Article 12: Duties of the controller and the processor towards the Data Protection Officer
Article 13: Right to Receive Information
Article 14: Right to Request Transfer of Personal Data
Article 15: Right to correction or erasure of Personal Data
Article 16: Right to Restrict Processing
Article 17: Right to Stop Processing
Article 18: Right to Processing and Automated Processing
Article 19: Contacting the Controller
Article 20: Personal Data Security
Article 21: Assessment of the Impact of Personal Data Protection
Article 22: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is Available
Article 23: Cross-Border Transfer and Sharing of Personal Data for Processing Purposes if a Proper Protection Level is not Available
Article 24: Complaints
Article 25: Grievance against the Bureau's Decisions
Article 26: Administrative Penalties
Article 27: Authorization
Article 28: The Executive Regulation
Article 29: Regularisation
Article 30: Repeals
Article 31: Publication & Enforcement of this Decree by Law
Article 14
Right to Request Transfer of Personal Data
- The Data Subject shall have the right to receive his/her personal data that has been provided to the Controller for processing, in an orderly and machine-readable manner, whenever the processing is based on the consent of the Data Subject, or it is necessary for the implementation of a contractual obligation, and it is carried out by automated means.
- The Data Subject shall have the right to request the transfer of its Personal data to another Controller whenever it is technically feasible.
FAQs
Data Subjects can request data portability when the processing of their personal data is based on their consent or is necessary for the performance of a contract to which they are a party, and when the processing is carried out by automated means. This right allows individuals to obtain their personal data in a usable format and transfer it to another service provider or Controller, enhancing individual control over personal data.
The personal data must be provided in a structured, commonly used, and machine-readable format. This ensures that the Data Subject can easily re-use the information or transfer it without technical barriers. The format must allow interoperability, and where feasible, the transfer should be facilitated directly between Controllers upon the Data Subject’s request.
Yes. Data Subjects have the right to request that their personal data be directly transmitted from one Controller to another, where technically feasible. This supports seamless switching between service providers and reduces data lock-in. However, the transmitting Controller is not obligated to adopt incompatible systems to meet the request technical feasibility is a condition.