Free tools and resources for Data Protection Officers!

Validating The Identity of An Individual Making a Data Subject Access Request

How Far Can I Go TO Validate The Identity of An Individual Making a Data Subject Access Request?

The Article 29 Working Party (an advisory body made up of a representative from the data protection authority of each European Union Member State, the European Data Protection Supervisor, and the European Commission) has confirmed that there are no specific requirements in the GDPR on how to authenticate a person that requests information about themselves and companies are required to establish procedures to ascertain the identity of a requestor to ensure that they do not accidentally disclose personal data to the wrong person.

Source: Bryan Cave – GDPR: The Most Frequently Asked Questions: How Far Can I Go To Validate The Identity of An Individual Making a Data Subject Access Request?

>