General Data Protection Regulation (“GDPR”)

1 readers

1 users here now

Everything related to the #GDPR is discussed here. This is the first and only community specifically for GDPR topics which is decentralized and outside of walled-gardens. #EDPB recommendations and guidance can and should also be discussed here.

For the moment, chatter on the similar California Consumer Privacy Act (CCPA) could be discussed at least until the volume of messages compels us to split it into a separate community.

founded 1 year ago

MODERATORS

freedomPusher@sopuli.xyz

~~GDPR requests that must be the only request in a letter (Article 18)~~ or not? (self.gdpr)

submitted 1 week ago* (last edited 1 week ago) by debanqued to c/gdpr@sopuli.xyz

2 comments fedilink hide all child comments

I read somewhere that GDPR requests for restricted processing (Art.18) cannot be combined with any other topic or request. E.g. If you request that they not use your e-mail for marketing purposes.

WTF. Yes, I understand the idea is that if the request stands on its own, it cannot be overlooked. But #GDPR requests are ignored so often that I deliberately combine a GDPR request with another request that is more difficult to ignore. That way when they ignore the GDPR request but treat the non-GDPR request from the same letter, it proves that the data controller received my letter. When a GDPR request is made on its own, they can more easily claim the letter never came and shift the proof-of-delivery burden onto me.

you are viewing a single comment's thread
view the rest of the comments

[–] drre@feddit.org 3 points 1 week ago (1 children)

This does not seem to be correct. The law itself does not specify a specific format nor does it posit a limit on the number of rights exercised per request. Here are some (German) templates which one might use. I'm pretty sure similar documents exist in other EU countries.

https://www.bfdi.bund.de/DE/Buerger/Inhalte/Allgemein/Betroffenenrechte/Betroffenenrechte_Auskunftsrecht.html

https://www.verbraucherzentrale.de/sites/default/files/2019-10/Auskunft_nach_Art._15_DSGVO.pdf

https://www.heise.de/news/DSGVO-So-nutzen-Sie-Ihre-Auskunftsrechte-4429886.html?seite=2

It might be a good idea to send a registered letter with reply advice (Einschreiben mit Rückschein).

Good luck

[–] debanqued 1 points 1 week ago* (last edited 1 week ago)

I wish I kept track of where I read that. Could have been case law, or EDPB guidelines. Maybe I was speed-reading Art.21¶4 (which is really a requirement on the data controller).

It might be a good idea to send a registered letter with reply advice (Einschreiben mit Rückschein).

If I did that it would cost me over €10 for every single request. Even if it leads to lawsuit and the court favors my claim, registered letters are still a loss. They cannot be claimed back in court.