cross-posted from: https://lemmy.world/post/7204240

A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

"Good day,

Thank you for contacting us regarding the deletion of your account.

Please contact us in the application to delete your account and verify your information.

If you have any further questions, we are at your disposal."

  • jonathan@lemmy.zip
    48·
    4 days ago

    Ask them who their nominated data controller is, then email that person. It’s worked very well for me in the past, like they automatically flagged them for the words “data controller”.

    • hikaru755@lemmy.world
      9·
      3 days ago

      I think you’re talking about the “data protection officer”, not “data controller”. The first one is a designated person within the company, the second one the company itself (at least for B2C software companies, usually)

      But also, be aware they might not have a BPO, depending on company size they might not need one