top | item 42583991

(no title)

loftsy | 1 year ago

I called the ICO a few years ago asking how to comply with an ex-employee GDPR data request for access to their emails. Their recommendation: read them all to determine which contained personal data.

When I told them I (as a 5 person business) obviously don't have time to go through 1000s of old emails they reacted with surprise to the amount of emails. I guess they don't send many. They didn't offer any other solution.

As others have mentioned this org is a tax on all UK business.

discuss

mytailorisrich|1 year ago

"For personal data protection purposes, your emails were deleted when you left the company" ;)

swiftcoder|1 year ago

Yeah, this. The easiest way to comply with the GDPR is not to store personal data. The second easiest is to delete it as soon as it is no longer required (this includes from backups!)