Expert Advice Community

Guest

Data Subject Access Request

  Quote
Guest
Guest user Created:   May 18, 2022 Last commented:   May 20, 2022

Data Subject Access Request

We have had a Subject Access Request from an ex-employee. I would like to know what data exactly I need to send and what do I need to dedact from the data that we send out? The user has only been with us for a few months, so mainly Teams messages and emails. There will be other usernames and Client names in the mix, do we need to dedact them all? I have the data from ***, but need to run through it now and send out by the end of the month.
0 0

Assign topic to the user

EU GDPR PERSONAL DATA PROTECTION POLICY

Top-level document that describes main roles and responsibilities.

EU GDPR PERSONAL DATA PROTECTION POLICY

Top-level document that describes main roles and responsibilities.

Expert
Tudor Galos May 20, 2022

The right to access is a fundamental right of the data subject. As stated in Article 15 GDPR - Right of access by the data subject – paragraph 3: “The controller shall provide a copy of the personal data undergoing processing”. However, paragraph 4 states that “The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others”. So you should redact out personal data of other data subjects (including usernames, pseudonyms, etc), intellectual-property protected data, and confidential data (including customer names, customer financial info, discounts, financial offerings, invoices, contracts, etc).

Advisera’s EU GDPR Premium Toolkit might help you in this endeavor because part of the toolkit we have a template for a Data Subject Access Request Procedure as well as templates for disclosure forms.

 

Please visit these links for more details:

Tudor Galos
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 18, 2022

May 20, 2022

Suggested Topics

Guest user Created:   Aug 22, 2018 EU GDPR
Replies: 1
0 0

Data Subject access request procedure

Guest user Created:   May 25, 2018 EU GDPR
Replies: 1
0 0

Data subject access requests