> "This is onerous because Data Subjects can make requests in writing or verbally, and you need to be able to comply with the requests “without undue delay"
I'm sure each case might be different, but I can't but help to think this is just a cheap excuse to inflate the work that is required ro comply with data Protection Regulation.
I've worked already on a few projects involving data protection, and they all boil down to two steps:
- only store anonymous data. No personal data? No problem.
- if you need to store personally identifiable information, support deleting it on request.
It might be easier to incorporate these requirements at the design stage, but by now this is a very basic set if requirements.
I'm sure each case might be different, but I can't but help to think this is just a cheap excuse to inflate the work that is required ro comply with data Protection Regulation.
I've worked already on a few projects involving data protection, and they all boil down to two steps:
- only store anonymous data. No personal data? No problem.
- if you need to store personally identifiable information, support deleting it on request.
It might be easier to incorporate these requirements at the design stage, but by now this is a very basic set if requirements.