Expert Advice Community

Guest

Email won't respond unless I give certain info in order to be GDPR-compliant - is this GDPR-relevant?

  Quote
Guest
Guest user Created:   Feb 03, 2021 Last commented:   Feb 04, 2021

Email won't respond unless I give certain info in order to be GDPR-compliant - is this GDPR-relevant?

I sent an email to my company's HR about some issues, who said they wish to know who I am (i.e., whether I am an employee, customer, relation to an employee etc.) in order to keep their response GDPR compliant. Is this in any way GDPR-relevant, and would it not risk being less compliant by asking for more personal detail where it is most likely irrelevant to do so?

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Feb 03, 2021

From the point of view of your organization, knowing how you are related to the company helps them to address your inquiry to the corrected person. In fact, from the perspective of Access Policy, HR staff cannot access or deal with customers, while the customer care service shall not deal with employees' requests.So their request makes sense from this perspective.

Here you can find more information on the impact of GDPR on HR management

If you need to understand how to comply with GDPR requirements in the workplace, you can consider enrolling in our free training EU GDPR Foundations course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0
Guest
Guest user Feb 03, 2021

Thank you very much for your reply, Alessandra. I really appreciate you taking the time. However, I am still unsure it is information they should be requesting (owing to the longer version of my query), that they would require my status, as the issues at hand weren't about a particular individual or individuals, but rather the company as a whole - and I am afraid that if I say I am an employee they will find a way to twist their response or even attempt to seek me out. All the same, at least I know how to best structure my response to them going forward - I was just wondering if they were hiding behind GDPR as an excuse, you see. Now that that part is at least out of the way, that helps me going forward.


Thank you again so much for your time! 

Quote
0 0
Expert
Alessandra Nisticò Feb 04, 2021

In your first question, you stated that they can find that you are an employee from the content of your complaint so that they can discover it without asking you. The consequences arising from your complaint may differ from your contract and your home labor law but do not involve GDPR. Depending on how sensitive your allegation and complaint are, I would suggest you talk to a lawyer to get a better consultation over your concrete situation.From the perspective of GDPR compliance, it is a common procedure to confirm identity in order to handle correctly a data subject access request.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 03, 2021

Feb 04, 2021

Suggested Topics

Guest user Created:   Sep 21, 2021 EU GDPR
Replies: 3
0 0

Application of GDPR to emailed CVs

Guest user Created:   May 19, 2021 EU GDPR
Replies: 3
0 0

Email marketing

Guest user Created:   Feb 04, 2021 EU GDPR
Replies: 1
0 0

Holding Personal Information