Responding to data subject requests
- Log the data subject request (DSR)
- Identity verification
- Respond always within a month!
- Use templates provided in this guide
1. Log the request
Use the data subject register to log the request from the data subject. Data subject kan include employees, ex-employees, job applicants, customers (especially for B2C) and ex-customers.
2. Verify identity
- In most cases you will need to verify the identity of the requester, e.g. driving license, passport, etc.
- Request that the request fills in the template (look under templates.
- Use secure email to protect personal data exchanged.
- Check that the individual actually has the right to request such information!
3. Respond always within a month!
You have a month to respond to the request, but best practice is to respond, even with a receipt (see template) as soon as possible. Even you you are considering using the 2 extra months for more complex requests -which you are entitled to- you must still respond within a month and inform the individual of this.
- To respond to the data subject there are templates you can use in this article.
- Do not forget to log that you have responded, with date.