this post was submitted on 25 Jun 2023
984 points (99.6% liked)
13638 readers
2 users here now
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I would be really surprised if it isn't automated. I would think they just delay as long as possible to provide the info back.
You’d be surprised. I’ve worked with some even pretty large companies that just don’t have a good process for this and rely on people doing some semi-manual process to prepare a response. My current employer got swamped with requests unexpectedly and had a hard time dealing with them all.
Interestingly finding them was the hardest part because requests can come in to any part of your business, even via social media: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#socialmedia
Not that easy, it's not a simple SQL query: https://gdpr.eu/checklist/
If they give you some data under that framework, then it implicitly means that legally they acknowledge that they have checked all of those boxes. So before they give you the data there are probably lots of "are we incriminating ourselves by giving this guy this piece of data?" questions that they're asking themselves.
shh... some developers in my team would take that as a challenge and cook up a 3000 lines long stored procedure