Page MenuHomeWildfire Games
IndexNew Document
Phriction Knowledge Base Home Data Gdpr Request

Gdpr Request
Updated 1,516 Days AgoPublic
Actions

A GDPR Request, formally known as a Data Subject Access Request (DSAR), is a communication received from a data subject that they wish to exercise their rights under the GDPR to access their data.

from wikipedia.org/wiki/General_Data_Protection_Regulation#III_Rights_of_the_data_subject

The right of access (Article 15) is a data subject right.[12] It gives citizens the right to access their personal data and information about how this personal data is being processed. A data controller must provide, upon request, an overview of the categories of data that are being processed (Article 15(1)(b)) as well as a copy of the actual data (Article 15(3)); furthermore, the data controller has to inform the data subject on details about the processing, such as the purposes of the processing (Article 15(1)(a)), with whom the data is shared (Article 15(1)(c)), and how it acquired the data (Article 15(1)(g)).

Policy

  • We should consider which of our staff who regularly interact with individuals may need specific training to identify a request.
  • We should define procedures for recording details of the requests we receive, particularly those made by telephone or in person/chat/social media.
  • We should keep a log of requests.
  • We MUST respond within 1 month. We should respond as quickly as possible.
  • We MUST comply with GDPR and respond to these requests properly.
  • We should be prepared to receive GDPR requests through any medium, not just electronically.

The GDPR does not specify how to make a valid request. Therefore, an individual can make a subject access request to you verbally or in writing. It can also be made to any part of your organisation (including by social media) and does not have to be to a specific person or contact point.
A request does not have to include the phrase 'subject access request' or Article 15 of the GDPR, as long as it is clear that the individual is asking for their own personal data.

source

Processes

{M6}

Procedures

None yet

Recommended reading:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr

Last Author
user1
Last Edited
Feb 28 2020, 9:18 PM

Event Timeline

user1 created this object.Feb 28 2020, 12:39 AM
user1 edited the content of this document. (Show Details)Feb 28 2020, 9:18 PM
user1 added subscribers: Stan, elexis.
Itms changed the edit policy from "All Users" to "Restricted Project (Project)".Jun 29 2023, 11:40 AM
Wildfire Games · Phabricator