WingNews logo WingNews
top | item 16788157

(no title)

borne0 | 8 years ago

I've had to deal with this at work (anticipatory only so far), but what I can't seem to figure out is what the inquiring European needs to provide to us to prove that the data we have is actually theirs. We don't capture pii data in most instances, so if someone requests their info under GDPR and provide us an IP and a time do we take them at their word?

discuss

order

mtremsal|8 years ago

There's clear language in the regulation on the obligation to validate the identity of the data subject.

How to do that in a satisfactory manner... leading practices might take a few months to crystalize.