You’ve Received a Vague Data Access Request — What Now?

Welcome!

Share and discuss the best content and new marketing ideas, build your professional profile and become a better marketer together.

All Posts People Badges

Tags (View all)

Data Privacy IDT Tech Privacy DSR Data Mapping

About this forum

You’ve Received a Vague Data Access Request — What Now?

DSR

49 Views

CKonnect

A user sends a message saying, "I want to know what data you have on me." There is no mention of the specific right being exercised, no user ID, and the email is from a generic Gmail account. Your organisation operates globally and is subject to both GDPR and CCPA.

How would you handle this request?

What steps would you take to verify the identity of the requester?
Would you treat it as a formal DSR? Why or why not?
What would be your first response to this vague request?

Explain your approach clearly — think legal requirements, practical steps, and risk mitigation.

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Related Posts		Replies	Views	Activity
Can You Deny a DSR if the Request is Weaponized? DSR		0 May 25	29
How Would You Respond to a "Right to Be Forgotten" Request from an Ex-Employee? DSR		0 May 25	36

Welcome!

This question has been flagged

Enjoying the discussion? Don't just read, join in!

Follow us