If you’ve been the subject of a data breach, you may wish to make a GDPR Subject Access Request to the organisation that should have been looking after your data. There is no cost, and it’s a simple process. Just customise the template below and send it to the organisation’s Data Protection Officer:
Subject Access Request (following data breach)
To Whom It May Concern,
I am writing to make a subject access request under the General Data Protection Regulation (GDPR) in light of the recent data breach that has been reported by your organisation. I am extremely concerned about the safety and security of my personal data and would like to request any information that you hold about me, including but not limited to my personal data, any processing activities that have been carried out on my data, and any third parties that my data has been shared with.
I would like to receive this information in a format that is easily readable and understandable. Please provide me with an electronic copy of the information, if possible. I would also like to request that any sensitive personal data, such as financial information or information related to my health, be provided to me in a secure and encrypted format.
In addition, I would like to request the following specific information related to the data breach:
- The date and time of the breach
- The nature and extent of the personal data involved in the breach, including a detailed description of the types of data that have been compromised
- The scope of the data breach, how many individuals have been affected and where their personal data was compromised
- The cause of the breach and any measures that have been taken to prevent a similar incident from happening in the future
- The measures that have been taken to address the breach, including any steps taken to mitigate any potential harm to affected individuals, and the support provided to affected individuals
- Any notifications that have been made to the relevant supervisory authority or to affected individuals, including a copy of the notification(s)
- The contact information of a representative who can provide me with further information about the breach, including their name, position, and contact details
- Information about the data retention, how long my personal data will be retained after the data breach and how it will be securely deleted
- A copy of the incident response plan and the data protection impact assessment that the organisation has carried out in relation to the data breach, as well as any internal reports or audits that have been conducted.
I would also like to request the following specific information related to the storage and security of my personal data:
- The countries in which my personal data is stored and the legal basis for the data transfer
- Information about the encryption of my personal data, including the type of encryption used and whether the encryption is applied at rest and in transit
- Information about the technical measures in place to ensure the security of my personal data, including firewalls, intrusion detection systems, and other security controls.
I would also like to remind you that under GDPR, I have the right to receive suitable compensation for any distress caused by the data breach. I would therefore like to request that you provide me with details of any compensation that is available to me, as well as the process for making a claim.
If you require any further information from me to locate the personal data, please let me know.
Thank you for your prompt attention to this matter.
[Your Contact Information]
Note: You should include a copy of your ID or any document that can prove your identity.
Disclaimer: The information provided on this website is for general informational purposes only and is not intended to be legal advice. The information contained on this website should not be relied upon as legal advice and does not create a solicitor-client relationship. The information provided on this website is not a substitute for professional legal advice and should not be relied upon as such. Please consult a qualified solicitor in your jurisdiction for specific legal advice. By using this website, you agree to hold harmless the website owner and its affiliates from any claims, losses, or damages arising from the use of the information provided on this website.