No, we cannot deny the DSR even if it has bad faith. The Digital Personal Data Protection Act and General Data Protection Regulation grants data principle certain rights, and our company has a legal obligation to fulfil them.

Despite the user’s history of poor intention, our company must treat their DSR with the same due diligence as any other good faith request. Failure to respond could invite heavy penalties. Hence, bad intention is not enough to deny the data subject request.

Safeguards or red flags 

·      Document everything, such as past harassment, fake reviews, and repeated requests. Log all previous requests from them, with dates and details.

·      Estimate the workload or data volume involved in the processing request.

·      Update the DPO or another senior legal person to get the document attested.

Protect your team from further harassment.

·      Pick one person to handle all communication with the user.

·      Make sure you document everything, through mail or any other mode of communication. Make it clear that abusive or harassing language is not acceptable.

·      If the user gets really aggressive or threatening, involve your legal team. This is about keeping your employees safe.

In rare cases, understand the ground for refusal. DPDPA and GDPR provide some grounds for refusal, but they are typically limited and need justification for refusal. Engage with the legal team for the same.

For deep understanding follow the

linkhttps://www.ckonnect.co.in/blog/privacy-team-pulse-7/data-subject-request-dsr-85