- cross-posted to:
- virginia
- cross-posted to:
- virginia
https://www.reddit.com/settings/data-request
Having worked at a company that had a massive influx of GDPR requests we weren’t prepared for, this one could actually cause them some trouble if Reddit don’t have that process properly automated.
I would be really surprised if it isn’t automated. I would think they just delay as long as possible to provide the info back.
You’d be surprised. I’ve worked with some even pretty large companies that just don’t have a good process for this and rely on people doing some semi-manual process to prepare a response. My current employer got swamped with requests unexpectedly and had a hard time dealing with them all.
Interestingly finding them was the hardest part because requests can come in to any part of your business, even via social media: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/right-of-access/how-do-we-recognise-a-subject-access-request-sar/#socialmedia
Not that easy, it’s not a simple SQL query: https://gdpr.eu/checklist/
If they give you some data under that framework, then it implicitly means that legally they acknowledge that they have checked all of those boxes. So before they give you the data there are probably lots of “are we incriminating ourselves by giving this guy this piece of data?” questions that they’re asking themselves.
shh… some developers in my team would take that as a challenge and cook up a 3000 lines long stored procedure