Data Security > 자유게시판

With the rising concerns over personal data privacy, governments and regulatory entities have introduced laws to safeguard individuals' personal information and uphold their rights. In many countries, including the European Union and the United States, individuals have the right to request access to their personal data and have it removed. This process is known as a Personal Data Request.

Requesting access to your data:

To initiate the process of requesting your data, you will need to contact the organization that holds your information. This could be a company you provided information to, a social media platform, or even a government agency. Your query should be in writing, usually in the form of an email or a written notice.

You must provide the organization with some fundamental information, including your name, address, and any other details they may have on you. This is to ensure that they identify your data correctly and provide you with the data you are entitled to. You should also state that you are making a DSAR and what you would like to receive.

The organization has a specific timeframe to respond to your request, usually a legally mandated period. During this time, they may need to request additional information from you to verify your identity. You may also need to explain why you are making the request.

Once the organization has received your request, they will need to provide you with the following information:

• A copy of your personal data
  
• Information about why it was gathered and how it is utilized
  
• Who else has rights to your data
  
• How long your data will be maintained for
  
  

You can also ask for your data to be erased. This is known as a Personal Data Eradication. If the organization has no legitimate reason to keep your data, they will need to delete it.

Deletion of your data:

The process of having your data deleted is more complex. As with requesting access to your data, you will need to contact the organization holding your data and mega888 make a request in writing. You should explain why you want your data erased and confirm that you are the person whose data is being requested for deletion.

The organization will assess your request and, if they agree to delete your data, they will need to follow a process to ensure it is removed from all their systems and records. They may need to notify any third parties who may also hold your data that it should be deleted.

Some exceptions apply to the right to erasure. Data must not be deleted if:

• It is required to fulfill a contractual obligation to you
  
• It is required to fulfill a legal or regulatory requirement
  
• It is necessary for the purposes of public interest
  
• It is necessary for the administration of justice
  
  

What happens if an organization refuses to comply?

If an organization refuses to comply with a DSAR or a request for erasure, you can dispute their decision. You can escalate the matter to a regulatory authority, who will investigate and potentially impose sanctions on the organization if they are found to be in breach of the law.

Requesting access to and having your data deleted can be a intricate process. However, it is an important step in taking ownership of your personal data and ensuring that your interests are protected.