During the course of the investigation of this complaint, the complainant alleged that the files made available to the complainant by the data controller at its premises did not constitute all the personal data concerning the complainant that was held by the data controller .

However, the data controller was of the view that the access request made by the complainant was limited to personal data held in relation to two planning applications due to the reference numbers for the planning applications being quoted by the complainant on the com- plainant’s access request . Accordingly, the data controller sought to distinguish between personal data relating to the publicly available planning files, which were supplied to the complainant at a public viewing, and personal data created following the refusal of the complainant’s planning application, which the data controller considered to be outside the scope of the access request .

While the complainant mentioned two specific planning applications, the access request was expressed in general terms and sought access to “any information you keep about me electronically or in manual form” . Accordingly, it was considered that the personal data sought by the complainant included all data that arose in the context of the complainant’s engagement with the data controller prior to submitting the two identified planning applications and all data that arose after those applications were refused .

The data controller, due to the specific circumstances of the case, contravened its data protection obligations when it failed to supply the complainant with a complete copy of the complainant’s personal data in response to the access request within the statutory period . Under GDPR, Article 15 relates to the right of access by the data subject to personal data relating to them that the controller holds . Article 12(3) sets out the condition under which a controller must provide said personal data . There is an onus on a controller to provide information on the action taken under such a request without undue delay and in any event within one month of receipt of the request .There are also conditions set out in this article that provide for this timeframe to be extended .