When Can You Refuse a Data Subject Request?
|

When Can You Refuse a Data Subject Request?

ByPrivacyiQ

Under GDPR, companies can refuse rights requests that are manifestly unfounded or excessive. Learn when and how to lawfully say no. You can refuse to act on a GDPR request if it’s manifestly unfounded or excessive. This includes: If you refuse, you must: 💡 Tip: Keep a clear record of all refused requests and your…

How Long Should You Keep DPIA Records?
|

How Long Should You Keep DPIA Records?

ByPrivacyiQ

DPIAs must be documented — but for how long? Here’s what the UK GDPR says about retention. There’s no legal time limit for DPIA retention, but regulators expect documentation to be available for: Don’t forget: DPIAs should be reviewed if the risk landscape changes. Privacy IQ helps clients set smart DPIA retention and review policies.