Skip to content

GDPR Step 02: Access Requests for GDPR

Under GDPR, your business must provide consumers with the ability to request access to their personal data and respond to their requests within one month. You may also request a two month extension for a legitimate reason or if a delay occurs in processing their request.

Here’s how to enable consumers to exercise their data subject rights.

1. Provide users with ways to submit their access requests

To fulfill this obligation, you must explain one or more secure ways for consumers to submit data subject requests in your Privacy Notice. Typically these are:

  • A form or Privacy Center to automatically accept requests from consumers.
  • An email address or customer support system to intake consumer requests.

2. Collect information necessary to identify the user

As the business receiving the request, you are responsible for verifying the identity of the consumer.

To minimize privacy risks, you should not request additional information that you do not already have to verify a user’s identity. For example, if you don’t already have their driver’s license, don’t ask for it to process privacy requests.

The most common method to verify a user’s identity is sending a verification code to their email address or phone number. This MFA code will help you confirm the identity of the consumer making the request.

3. Retrieve users' personal data from your systems

After approving users' requests, you must then retrieve all of their data across your organization and present them with a copy of it.

If you are doing this manually, make sure you are not returning confidential company information, data belonging to another user, or any non-personal and non-essential information.

Manual access request processes can be costly, labor-intensive, and risky. Therefore we strongly recommend using an automated system such as the Fides privacy engineering and intelligence platform to automate this process end-to-end for you.

Need more help with Access Requests? Ask a question in the Fides Slack Community.

For more information about the Fides Privacy engineering and intelligence platform automates access requests, get in touch now (opens in a new tab).