Message to staff about their role in the data subject requests process
Message to staff about their role in the data subject requests process

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Message to staff about their role in the data subject requests process

What is a data subject request?

Individuals, also known as data subjects, have a number of specific rights in relation to their personal data. They may ask for access, rectification, or deletion (erasure) of the personal data an organisation holds about them. Data subjects can also object to processing, ask for processing to be restricted or ask for their data to be transferred to them or someone else (right of portability). Data subjects can enforce these rights by making a request to any organisation that holds their personal data, known as a data subject request. Our organisation like most others may receive requests from data subjects at any time.

Upon receipt of a request from a data subject to exercise one or more of their rights, we generally have only one month to respond.

There are no specific requirements for how a data subject should make a valid request. Therefore, an individual can make a data subject request to anyone in the organisation verbally or in writing. A request can also be made to any part of our organisation (including by social media) and does not have to be to a specific person or contact point. It also does not have to include the words ‘data subject request’ or refer to the GDPR or UK GDPR, as long as it is clear that the individual is seeking

Popular documents