[zerostar07]

is there a requirement that this ability is 24/7/365?

I mean , knowing GDPR , i would guess at best the provision would be something like "a reasonably long amount of time but not long enough to be unreasonable based on appropriate considerations of data subject's patience"

[jacquesm]

It certainly isn't a provision in the law that if you feel that you won't be able to deal with your users legitimate requests that you have the option to lock them out entirely.

I can imagine something to the effect of stopping further gathering of data (to stop digging the hole deeper), to give your users the option to request what is their right through some kind of form and to park those requests until you're done with the implementation and in the meantime give them continued access.

After all, the law already has a provision in it that you have 30 days to respond, and another 2 months after that if you are for some reason technically incapable and need an extension.