LegaLogic-Data Privacy Newsletter: Privacy Requests by Individuals – Vol. 9- October 2021

Data privacy laws across the globe empower individuals to have control over their personal data by providing for certain legal rights that can be enforced against entities that handle personal data (“Privacy Rights”).

A ‘privacy request’ is a request sent by an individual to organisations handling/processing their personal data. Individuals can manage their personal data and enforce their Privacy Rights by sending in such requests (“Privacy Requests”). Processing of personal data consists of activities such as access, collection, storage, processing, transmitting, or otherwise handling of personal data (“Processing”).

Data privacy regulators actively ensure that all organisations handling personal data strictly follow legal obligations and respond to the Privacy Requests. We have listed some of the common types of Privacy Requests and the steps an organisation must take while responding to Privacy Requests.

TYPES OF PRIVACY REQUESTS

PREPAREDNESS FOR RESPONDING TO PRIVACY REQUESTS

Below is a practical checklist on responding to Privacy Requests for organisations handling personal data:

CONCLUSION

• Responding to Privacy Requests is a legal obligation in various laws across the globe. If organisations Processing personal data are non-complaint with the laws, it may lead to fines, penalties, scrutiny by regulators and enforcement orders. A single mishandled Privacy Request can open a ‘pandora’s box’ resulting in a thorough scrutiny of an organisation’s privacy compliance and leading to a loss of reputation.

• The second driving factor for implementing Privacy Request processes is for building customer trust, each satisfactory interaction with an individual adds to a brand’s reputation as a privacy conscious organisation.