I know one of the requirements of the GDPR is for data portability requests. On a website I have, it has users that includes their address, contact number etc but it also tracks what the user downloads and pages they visit, contact forms they submit.
If Joe blogs submits a request for their data, would I need to give them a copy of every single bit of information I have or just the information they signed up with?
Also one of the requirements is to be able to transmit such data directly from an existing data controller to a new controller without hindrance. How is something like that to work? If the user is on site A and B they should be able to copy their information from A to B or vice versa?