GDPR

Only if the amount of disclosure requests is considered "excessive", or the requests are repeadetdly unfounded, a fee may be incurred or service refused (Article 12, section 5) This is simply to prevent blatant misuse of the right :) As for passwords, it's not listed that it has to be disclosed... (Article 13 and 15) GDPR HTML version: L_2016119EN.01000101.xml[^]