A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

They were very friendly imo. No need to speak legalese or to be rude.

Just tell them that you can’t or don’t want to install the app.

If they don’t help you, then you proceed to remind them that you are not required to install anything for them to comply with GDPR.

Being friendly doesn’t negate the fact that they are out of compliance with the law. Even sending a second email to insist they delete your data is an undue burden.

You’re right, but sometimes a bit of undue courtesy repays in dividends. Not every minor infraction is nefarious and not every minor infraction deserves reporting. A simple courteous reminder of their obligations may save both parties some undue hassle.

I can imagine this company doing this to ensure only authenticated users can have their data removed. There are other ways…but this was probably what they considered reasonable and painless for all, admittedly they (wrongly) didn’t consider the audience of this community in that decision.

A simple courteous reminder of their obligations may save both parties some undue hassle.

Actually, the customer is already getting undue hassle, while the company is just breaking the law. Why can’t we just expect better?

falsem
link
fedilink
11Y

Remember that you’re talking to some poorly paid person that has to deal with unhappy people all day and probably doesn’t even agree with these policies. This is no different than being in a restaurant - don’t be rude to service people. Be polite, but firm. You can express that you’re unhappy and that this isn’t acceptable in a way that doesn’t come off as berating some first level service drone.

Nobody broke the law lol.

I believe they have like a month to comply.

The just asked for a ticket in the app, to make their lifes easier. If OP doesn’t want to, they still have to comply though.

Now I remember why I hate working directly with customers.

I believe they have like a month to comply.

According to my training when I was handling my workplace’s GDPR request email companies have 30 days to respond. Meaning they could simply have a bot respond to all incoming emails on day 29 and say “we’re reviewing your request” and be in compliance for a while longer

There’s a good chance the customers just don’t like you.

ΛdΛm_𝒷
banned
link
fedilink
22
edit-2
5M

removed by mod

It’s the bare minimum of friendliness expected in customer care. Most likely a macro which is normal with these kind of requests.

Create a post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

  • 0 users online
  • 57 users / day
  • 383 users / week
  • 1.5K users / month
  • 5.7K users / 6 months
  • 1 subscriber
  • 3.13K Posts
  • 78.3K Comments
  • Modlog