Guest
Data Subject access request procedure
I refer to the 04.5Data Subject Access Request Procedure template and the 04.6Data Subject Access Request Form. There is a requirement for the address proof document. I understand that it is most secure deliver the hardcopy of data by post. However, the request could be asking for an electronic copy in word or PDF, which obviously makes sense only to be sent via an email. The question is whether email is a secure channel and how we can prove the email belongs to the data subject. Could you please share the workable and secure channel for delivering data to the requester?
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
Expert
Andrei Hanganu
Aug 22, 2018
Answer:
There is no bullet proof method. The first step is assessing the identity of the data subject to ensure you provide the response to the right individual. Once you do that it is irrelevant if you use email or sent a hardcopy by post. Another thing you need to factor in is the amount of data you need to communicate to the data subject, just imagine what it would be like if Google sent only hardcopies, there would probably be thousands of pages.
So my advice is to use your best judgment, as long as you are sending the data to the right data subject using a commonly used method of communications you should be ok.
To learn more about data subject rights check our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).
Comment as guest or Sign in
Aug 21, 2018
Aug 21, 2018
Aug 21, 2018