I am writing to you in your capacity as data protection officer for your company. I am a customer of yours, and in light of recent events, I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation. I am concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information pursuant to <latest nasty cybersecurity event or thing in the news>.
The Nightmare Letter: A Subject Access Request under GDPR (cache)
I wonder how many companies have the resources to deal with that and how it may impact the concurrence. How easy is it for a big company to overflow a small one with such time consuming requests? Apart from users (and it remains debatable with unavoidable consent (cache)), who will benefit from it?