GDPR Data Subject Request
The GDPR regulation does state that when requests are manifestly unfounded, excessive or repetitive you can either charge ‘a reasonable fee’ or reject it.
These exceptions should be used with caution, though. GDPR doesn’t give specific definitions or examples of what counts as manifestly unfounded, excessive or repetitive, and you should be able to justify your request. It is not permitted to have a blank policy for determining the acceptability of requests, you must consider each request separately.