GDPRquiz of the week

When the purposes for which a controller processes personal data do not require the identification of the data subject, what must be considered by the controller regarding potential access requests by the data subject?

The controller has to publish all information required under Article 15 GDPR since it is not able to comply with potential access requests by the data subject.

The controller is not obliged to process additional identification information for the sole purpose of complying with the right of access, unless the data subject provides additional information enabling their identification.

The controller is obliged to acquire additional information for the identification of the data subject, in order to be able to comply with a potential access request.

The controller is obliged to anonymise the relevant data without delay and to delete all potential identifiers connected to the data.