Responding to data subject requests

  1. Log the data subject request (DSR)
  2. Identity verification
  3. Respond always within a month!
  4. Use templates provided in this guide

1. Log the request
Use the data subject register to log the request from the data subject. Data subject kan include employees, ex-employees, job applicants, customers (especially for B2C) and ex-customers.

2. Verify identity
  • In most cases you will need to verify the identity of the requester, e.g. driving license, passport, etc.
  • Request that the request fills in the template (look under templates.
  • Use secure email to protect personal data exchanged.
  • Check that the individual actually has the right to request such information!

3. Respond always within a month!

You have a month to respond to the request, but best practice is to respond, even with a receipt (see template) as soon as possible. Even you you are considering using the 2 extra months for more complex requests -which you are entitled to- you must still respond within a month and inform the individual of this.
  • To respond to the data subject there are templates you can use in this article. 
  • Do not forget to log that you have responded, with date.