Unanswered employees DSRAs – no big deal?
2024 01 12
Well, it is! The Italian Data Protection Authority (Garante) imposed fines of 40,000 EUR and 100,000 EUR on two Italian transportation and energy corporations for totally ignoring their employees’ data access requests (DSAR).
WALLESS GDPR experts share tips on how to avoid such situations:
- Act fast and react! Employees are also data subjects under GDPR;
- Respond promptly, within the 1-month timeframe set out in GDPR, showcasing transparency;
- Busy? No Problem! You may extend the deadline for responding by a further 2 months but inform the data subject of the reasons;
- Don’t guess! If the request is unclear, ask for clarification before providing an answer;
- Prepare an internal DSAR procedure with step-by-step instructions for responsible employees handling DSARs;
- If you delay a response, admit it. Explain, prioritize, and keep the conversation going. Do not forget to review your processes to avoid such gaps, which can impact you financially!