Welcome!

Share and discuss the best content and new marketing ideas, build your professional profile and become a better marketer together.

You’ve Received a Vague Data Access Request — What Now?

DSR

363 Views

CKonnect

A user sends a message saying, "I want to know what data you have on me." There is no mention of the specific right being exercised, no user ID, and the email is from a generic Gmail account. Your organisation operates globally and is subject to both GDPR and CCPA.

How would you handle this request?

What steps would you take to verify the identity of the requester?
Would you treat it as a formal DSR? Why or why not?
What would be your first response to this vague request?

Explain your approach clearly — think legal requirements, practical steps, and risk mitigation.

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Related Posts		Replies	Views	Activity
Can You Deny a DSR if the Request is Weaponized? DSR		0 May 25	335
How Would You Respond to a "Right to Be Forgotten" Request from an Ex-Employee? DSR		0 May 25	354

Welcome!

This question has been flagged

Enjoying the discussion? Don't just read, join in!

Follow us