In this video, Mandy Huth discusses response time for data subject's requests. Learn about response required timing, data subject's identity, and extensions.
- [Instructor] One consideration of the data subject's rights is the timing controllers must consider when responding to a request. This consideration applies to all of the data subject's rights. The controller has 30 days to respond to data requests. This is one area where taking a proactive approach can help. Controllers should design the ability to handle these types of requests technically where possible. An example may be tagging their content for easy discovery.
The response made by the data controller should be made in writing or by electronic means. It can also be done verbally so long as the identity of the data subject is proven prior to providing the response. If the controller has a large number of requests, or requests that are particularly difficult, they may use an extension of an additional month. However, the burden of proof is on the controller to demonstrate that the request is excessive.
It is important that controllers consider the overarching principle of prompt response under GDPR and its application to data subject rights.
DISCLAIMER: Neither LinkedIn nor the instructor represents you, and they are not giving legal advice. The information conveyed through this course is not intended to give legal advice, but instead to communicate information to help viewers understand the basics of the topic presented. Certain concepts may not apply in all countries. The views (and legal interpretations) presented in this course do not necessarily represent the views of LinkedIn or Lynda.com.
- Define the objectives of GDPR relating to the personal privacy of citizens.
- Determine the responsibilities of data protection officers under GDPR.
- Identify the rights of citizens in the event of a data breach.
- Review the steps that must be taken in the event of a data breach.
- Describe the notification process in the event of a data breach.