Auf Grund des Auskunftsrechtes können Personen mittels Anfrage Unternehmen auffordern, ihnen Auskunft über die Speicherung und Verwendung ihrer Daten zu geben. In diesem Fall spricht man von einer Betroffenenanfrage. Die Bearbeitung von Betroffenenanfragen kann nicht nur zeit- und kostenintensiv sein, sondern auch das ein oder andere Risiko bergen, sofern die Bearbeitung manuell erfolgt. Sehr schnell können durch einen Datenschutzvorfall oder schlechte Presse unverhältnismäßig viele Anfragen eingehen und viele personelle Ressourcen in Anspruch nehmen. Ohne ausreichende Vorbereitung ist es unmöglich, im Ernstfall hunderte oder tausende Anfragen in der gesetzlich vorgegebenen Frist zu beantworten.
In principle, the respective request can be made informally, also orally, and has to be settled immediately, at the latest, however, within one month from the request. The deadline may be extended by two months if the processing of the application is complex and there is a large number of requests to be processed. In this case, however, the responsible party must inform the applicant of the reasons for the delay.
In order to process the application properly, all data such as name, telephone number, e-mail address, contact details, address, correspondence, invoices, contracts, etc. must be located. Here, care must be taken to ensure that the identity of the applicant is clarified beyond doubt.
In principle, the processing of the application shall be free of charge. A fee may be charged only if the requests are manifestly unfounded or, in particular, excessive because of their frequency.
Following the processing of the application, the person concerned shall be informed in writing about the measure carried out. The communication must be compact, transparent and understandable for the person concerned. Electronic media, such as email, may be used if the application was submitted electronically. However, upon express request, the averment shall be delivered on paper. Verbal notification is only permissible if the identity of the person has been established beyond doubt.
Fines for violations of data subjects’ rights are up to € 20 million or 4% of last year’s annual worldwide turnover. In the worst case, this can threaten the existence of the company. Therefore, it is recommended to invest in an automated process to be on the safe side.
Automating this process reduces the workload from several hours to just a few minutes. Consequently, the risk of not acting in compliance with the GDPR decreases considerably. The easyGDPR data subject request software manages data subject requests in an automated manner. You keep the overview and also prevent legal disputes, by not or not timely answered the requests. In addition, computer-aided processing avoids errors that can happen very quickly with manual preparation.