Data Privacy Issues in Responding to GDPR Subject Access Requests
Published on: 20th December 2018
By PYXI GDPR Team
We've been concerned for a long time that the most significant challenge in responding to Subject Access Requests (SARs) is verifying the identity of the Subject and ensuring that only their data is returned in response to the request.
The story on the BBC reports that an Alexa user was sent the wrong person's data in response to a SAR, which Amazon attributes to human error.
This is a perfect example of the potential weaknesses in the retrieval and supply of personal data when someone invokes a SAR, which will inevitably involve some human handling of the data and personal judgements about the data's relation to the data subject. Somebody somewhere has to decide if it is YOU making the request, and what the scope of YOUR DATA is.
Assessing identity and carrying out the checks needed to ensure security, along with retrieving, assessing and presenting the data for the Subject, is one of the biggest practical challenges in a GDPR / DPA2018 world.
PYXI GDPR Team: 20th Dec 2018 07:50:00