Guest user Created: Aug 22, 2018 Last commented: Aug 22, 2018

Data Subject access request procedure

I refer to the 04.5Data Subject Access Request Procedure template and the 04.6Data Subject Access Request Form. There is a requirement for the address proof document. I understand that it is most secure deliver the hardcopy of data by post. However, the request could be asking for an electronic copy in word or PDF, which obviously makes sense only to be sent via an email. The question is whether email is a secure channel and how we can prove the email belongs to the data subject. Could you please share the workable and secure channel for delivering data to the requester?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Aug 22, 2018

Answer:

There is no bullet proof method. The first step is assessing the identity of the data subject to ensure you provide the response to the right individual. Once you do that it is irrelevant if you use email or sent a hardcopy by post. Another thing you need to factor in is the amount of data you need to communicate to the data subject, just imagine what it would be like if Google sent only hardcopies, there would probably be thousands of pages.
So my advice is to use your best judgment, as long as you are sending the data to the right data subject using a commonly used method of communications you should be ok.

To learn more about data subject rights check our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 21, 2018

Expert Advice Community