We all know about the annoying s#%* show that is GDPR; that annoying little cookie bar that pesters you on every website.
Well what if we used it to our advantage? For every application you send, for every rejection email you receive – there’s a paper trail of data being collected on you and legally you can request this data and thanks to good old GDPR, companies have to provide this to you free of charge.
You also have the ‘right to be forgotten’ where you can request the company to erase all personal data they holds on you.
I’ve even found a free template (you just need to add your personal details on brackets).
To Whom It May Concern:
I am hereby requesting access according to Article 15 GDPR. Please confirm whether or not you are processing personal data (as defined by Article 4(1) and (2) GDPR) concerning me.
In case you are, please, in accordance with Art. 15(3) GDPR, provide me with a copy of all personal data concerning me that you are processing, including any potential pseudonymised data on me as per Article 4(5) GDPR. I am further requesting access to the following information pursuant to Article 15(1) GDPR:
1. the purposes of the processing;
2. the categories of personal data concerned;
3. the recipients or categories of recipient to whom the personal data have been or will be disclosed;
4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
5. where the personal data are not collected from the data subject, any available information as to their source;
6. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for me.
In case you are processing anonymised data concerning me, please not only inform me about that but also explain the procedure used in an easily understandable way.
If you are transferring my personal data to a third country or an international organisation, I request to be informed about the appropriate safeguards according to Article 46 GDPR concerning the transfer.
[Please make the personal data concerning me, which I have provided to you, available to me in a structured, commonly used and machine-readable format as laid down in Article 20(1) GDPR.]
My request explicitly includes any other services and companies for which you are the controller as defined by Article 4(7) GDPR.
As laid down in Article 12(3) GDPR, you have to provide the requested information to me without undue delay and in any event within one month of receipt of the request. According to Article 15(3) GDPR, you have to answer this request without cost to me.
I am including the following information necessary to identify me:
(Enter your identification data here. This often includes information like your name, your date of birth, your address, your email address and so on.)
If you do not answer my request within the stated period, I am reserving the right to take legal action against you and to lodge a complaint with the responsible supervisory authority.
Thank you in advance.
Yours sincerely,
Enter your name here.