Subject Access Request (SAR) Empathy
There are many definitions of empathy but the Wikipedia definition is, ‘the capacity to understand or feel what another person is feeling from within their terms of reference’. This is a little deep for a Monday but I think this is a very important consideration when you reply to any sort of GDPR SAR or complaint.
When you draft your reply, try to think about why the person sent the SAR and respond accordingly, using appropriate style and language. We see a lot of SARs are most are from people who are unhappy about something and not just looking for information about how their data is being processed. They may be disgruntled ex-employees, customers with service issues, candidates that didn’t get the job, or people that just don’t remember contacting you – your reply should address their issue but also consider their feelings and their personal situation.
You must always comply with Article 15 requirements and make sure you meet your GDPR obligations but considering who the data subject is and why they sent the report might just help you respond in the most appropriate way, defuse the situation and avoid any escalation. Take your time when you draft the response – don’t rush – a few extra minutes drafting a good first reply might just save you a huge amount of time later.
Have a great week all.
Déan Teagmháil Linn
Tá súil agam go mbeidh sé seo úsáideach duit. Má theastaíonn Ionadaí AE uait, má tá aon cheist GDPR agat, nó má fuair tú iarratas SAR nó Rialálaí agus má theastaíonn cabhair uait, déan teagmháil linn ag am ar bith. Táimid i gcónaí sásta cabhrú ...
Foireann áitiúil GDPR.
Recent blogs
Navigating the Contradictions: Automated Decision-Making and Regulatory Legislation in AI Systems
The Dilemma of Automated Decision-Making At the heart of AI systems lies the promise of aut
How to Implement the New AI Law in Your Company
The implementation of the AI Act marks a significant stride towards responsible and fair use of art
Article 14 Guide: Meeting Regulatory Requirements for Personal Data Not Directly Obtained from Data Subjects
Imagine a software-as-a-service (SaaS) company looking to grow its clientele by purchasing leads fr