Ghosting messages can be pricey or why you should always respond to data subjects

2023 01 19

In your privacy policy, you probably state that you reply to data subject requests within 1 month. However, one Finnish company had to learn the hard way that you must comply with such statements. It received a fine of €750,000 when it failed to reply to various data subject requests. Also, the fact that it was no longer processing the data in question has not saved the company.

WALLESS experts share their insights on how to avoid such fate:

  • Have a documented process for implementing the rights of data subjects;
  • Train your employees how to react to data subject requests, what should be your primary answer;
  • Designate a responsible person to respond to such requests and inform the staff that he or she shall be included in the communication with the subject from the start;
  • Create a separate email address for data subjects’ requests. This will help you not to miss messages and to respond promptly.

#GDPR #privacy #compliance

WALLESS Weekly Review

Subscribe and receive the summary of the Lithuanian Supreme Court's rulings every week in your inbox. The information is prepared by the WALLESS Arbitration and Dispute Resolution Team.

Please note that review is in Lithuanian.