Data Subject Rights | Subject Access Request (DSAR)

Verifying Identity Before Fulfilling a GDPR Request

ByPrivacyiQ 8 July 20256 July 2025

You can ask for ID before fulfilling GDPR requests — but only when necessary. Here’s how to verify identity without breaching privacy.

The UK GDPR allows companies to request ID if they have reasonable doubts about the identity of the requester.

But be careful — asking for too much ID or failing to protect it can create its own risks.

Best practice:

Only ask when necessary (e.g. requests from non-company emails)
Set a clear retention policy for ID documents
Avoid collecting more information than needed

💡 Tip:

Use secure portals or encrypted email to exchange ID documents. Never request personal data over open email.

Data Retention | Subject Access Request (DSAR) | Subject Access Request (SAR)

Retention and Subject Access Requests: What You Don’t Keep Can’t Hurt You

ByPrivacyiQ 6 June 2025

Subject access requests are easier (and cheaper) if you delete what you no longer need. Here’s why that’s strategic. Subject access requests (SARs) are rising — and they are expensive. But here’s the secret: the less data you hold, the less you have to search, redact, and disclose. Retention policies don’t just reduce legal risk….

Automated Decision Making | Data Subject Rights

3 of 5: What Article 22 Says About Automated Decisions — and Why It Matters

ByPrivacyiQ 24 July 2025

Article 22 of the UK GDPR restricts fully automated decisions that impact individuals. Understand what this means for AI, recruitment tools, and data-driven profiling. As companies adopt automation in everything from hiring to credit scoring, it’s vital to understand the limits imposed by Article 22 of the UK GDPR. This provision protects individuals from being…

Data Subject Rights | Right to Object

2 of 5: How to Handle Objections to Direct Marketing Under UK GDPR

ByPrivacyiQ 18 July 202517 July 2025

Under Article 21 of UK GDPR, individuals can object to direct marketing at any time. Learn how your company must respond — and what compliance looks like in practice. Marketing teams rely on data to reach the right audience — but under Article 21 of the UK GDPR, individuals have an absolute right to object…

Data Is Collected Directly or Indirect | Data Subject Rights

Article 13 vs Article 14 of the UK GDPR: What’s the Difference and Why It Matters

ByPrivacyiQ 14 July 202511 July 2025

Understand the key differences between Articles 13 and 14 of the UK GDPR, and why your company must tailor privacy notices depending on how personal data is collected. Companies often overlook the difference between Article 13 and Article 14 of the UK GDPR — yet getting this wrong can lead to non-compliance and ICO scrutiny….

DPIA | DPIA Fundamentals

Your DPIA Template – What to Include

ByPrivacyiQ 22 June 202517 June 2025

Need a DPIA template? Here are the key sections every template should have to pass scrutiny. A strong DPIA template does more than tick boxes — it supports real insight. At a minimum, yours should include: Privacy IQ supplies templates aligned with ICO guidance, customised for your sector and team maturity.

Automated Decision Making | Data Subject Rights

Understanding Automated Decision-Making and Profiling

ByPrivacyiQ 5 July 20252 July 2025

Under Article 22 of the UK GDPR, individuals have rights related to automated decision-making and profiling. Learn how companies should respond. Article 22 of the UK GDPR gives individuals the right not to be subject to decisions based solely on automated processing, including profiling, if it produces legal or similarly significant effects. This affects: Where…

💡 Tip:

Similar Posts