Personal data protection policy
Assign topic to the user
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
EU GDPR DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
2. Ideally a DSAR should be in writing. Under GDPR, can a DSAR be made verbally by the data subject? Must my organization also be prepared to receive DSAR via social media?
Answer:
The Personal data protection policy is aimed to be a commitment of the Company towards achieving compliance with the EU GDPR and could be made public if the Company wants. The Employee data protection policy is meant to regulate within the Company how does the HR department uses employees data and what are the conditions in which those data are processes. So the main difference is the target audience for the two document.
It is advisable to set up dedicated channels to manage the data subject access requests and one reason for this would be to make sure you property identify the data subject so you would need to ask certain identification elements.
If you receive the requests via other channels you need to make sure that you can reasonably and accurately identify the data subject before providing the request. There is no obligation for the data subject to use a certain channel and you need to reply nevertheless.
To find out more about data subject access requests check out our webinar “Data Subject Rights under the EU GDPR” - https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/
Comment as guest or Sign in
Mar 30, 2018