In this video, Mandy Huth discusses response time for data subject's requests. Learn about response required timing, data subject's identity, and extensions.
- [Instructor] One consideration of the data subject's rights is the timing controllers must consider when responding to a request. This consideration applies to all of the data subject's rights. The controller has 30 days to respond to data requests. This is one area where taking a proactive approach can help. Controllers should design the ability to handle these types of requests technically where possible. An example may be tagging their content for easy discovery.
The response made by the data controller should be made in writing or by electronic means. It can also be done verbally so long as the identity of the data subject is proven prior to providing the response. If the controller has a large number of requests, or requests that are particularly difficult, they may use an extension of an additional month. However, the burden of proof is on the controller to demonstrate that the request is excessive.
It is important that controllers consider the overarching principle of prompt response under GDPR and its application to data subject rights.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.
- Compliance deadlines and penalties
- Data controllers and data processors under GDPR
- Exploring the role of the data protection office
- Technical measures outlined in the GDPR
- Reviewing the right to be forgotten and the situations that allow erasure
- Rules for children under the age of 16
- Breach notification