What should you do with automated data subject requests?

Legal IT Group
Contact
Privacy Program Crash Test
data subject requests
icon

THE CONTEXT OF THE ISSUE

To respond or to ignore — that is the question

Have you received a data subject request from PrivacyBee, Incogni, DeleteMe, Optery, or a similar platform?
These services allow individuals to send centralized requests to multiple companies to delete or access their personal data.

It may feel like spam, especially if you receive a high volume of nearly identical requests. But that’s not always the case.
Since such requests are automatically generated, the question arises: are they legally valid?

Why are automated data subject requests so hard to handle?

  • Lack of clear guidance

    The GDPR does not contain specific instructions on how to deal with such requests. As a result, the general rule is often applied: the controller must respond within one month.
    01

  • Identity verification

    The GDPR allows controllers to request additional information to verify the requester's identity. However, there are no clear criteria when it comes to automated requests.
    02

  • Excessive requests

    Suppose you receive multiple repetitive requests from the same individual. In that case, the GDPR allows controllers to charge a reasonable fee or even refuse to act, but only if the requests are “manifestly unfounded” or “excessive.” The burden of proof lies with the controller.
    03

  • Regulation in the U.S.

    This depends on the state. For example, in California, the controller is only required to respond to verifiable consumer requests. If verification is not possible, the controller may deny the request and must inform the requester accordingly.
    04
title_icon

INSIGHTS

  • A clear action plan is the foundation of compliance

    icon
    Automated requests require a prompt and coordinated response. Developing a clear internal workflow helps avoid mistakes and uncertainty.

  • Let technology work for you

    icon
    Automating identity verification and request handling reduces the burden on your team, prevents requests from being overlooked, and minimizes human error.

  • Data protection is everyone’s responsibility

    icon
    Handling these requests is not just a job for the legal team or the DPO. Train all relevant staff to recognize such requests and know the appropriate next steps.

  • Documentation is your safety net

    icon
    Keeping detailed records of how each request was handled can protect you during audits or legal disputes.

Respecting and facilitating individuals’ rights is not just a legal requirement; it’s essential to building lasting trust with your customers.

Automated requests are already a reality. The proper response is to act proactively.

Legal IT Group

Nova Post

International logistics company

  • we provide personal data protection services in Ukraine

  • we provide GDPR-compliant personal data protection services

Viyar

Leading Ukrainian company in the sale of furniture components

  • we helped in building the privacy program and GDPR compliance

Hyalual

Global developer and manufacturer of solutions for aesthetic medicine

  • we provided support with data privacy compliance

Readdle

Product IT company engaged in application development

  • we worked with the Readdle team on their data flow mapping

  • we helped them to add even more transparency to the relationship between Readdle and their customers

WildCraft

Online animal life simulator

  • we act as a DPO

  • we help with other legal tasks

Spark

Fast cross-platform email designed to filter out the noise

  • we are honored to act as DPO for Snovio.io

  • we help with other legal issues

Englishdom

Online school for learning English

  • we helped with solving GDPR compliance issues

Snov.io

Smart automation of cold sales

  • we are honored to act as DPO for Snovio.io

  • we help them with other legal tasks

Cristaline Aligners

An innovative system of aligners made in Germany

  • we conducted a comprehensive GDPR consulting

Bio IMPLANTS

Dental implants and dental instruments

  • we acted as a DPO and helped with solving GDPR issues

ENAVATE

Consulting company, a leading Microsoft partner

  • we provided GDPR audit services

  • we prepared GDPR documents and GDPR trainings

Odeeo

Innovative in-game audio advertising platform

  • we were glad to enhance the product by developing a Compliance Rollout Programme

  • we act as a DPO

Tomi.ai

Prediction market platform

  • we created the Terms of use

  • we developed GDPR policies

YOJJI

A web development company that creates advanced software solutions

  • we helped with GDPR compliance

CREOTEAM

Ukrainian video game development and publishing company

  • we were pleased to help Creoteam with GDPR compliance

Binotel

Virtual PBX
binotel

  • we provided consulting services in the field of privacy

binotel
More cases

blog_iconCurrent and practical articles on the topic

  • Data protection officer
  • AI compliance officer
  • Data privacy compliance
  • Дія.City
  • Digital Millennium copyright Act
  • Торгова марка в IT
Go to Blog

We write about what we practice

IP, GDPR, contracts and disputes, as well as the legal aspects of implementing technologies like artificial intelligence or sharing best practices for delivering practical legal solutions.
An inquiry is the first step to resolving a legal issue
Your request to Legal IT Group
up to 500 characters
Email
a@legalitgroup.com
Phone
+38 (044) 205-54-10
Send to Telegram

Our expert is always in touch to help you deal with legal issues.

You will be answered:

Anton Tarasiuk
Managing partner в Legal IT Group
Write in Telegram
An error occurred
The request has been sent Thank you for your message! We will process it as soon as possible.
  • How do you work with IT companies?

    To protect copyrights in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into agreements with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.

  • How to protect your copyright in IT?

    To protect your copyright in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into contracts with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.

  • How quickly do you respond to requests?

    To protect copyrights in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into contracts with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.

  • How do you ensure privacy?

    To protect copyrights in IT, it is important to record your authorship (date of creation, registration with Ukrpatent), enter into contracts with clear terms, use product licenses, sign NDAs with partners, and implement digital watermarks or signatures in products. If your rights are violated, contact legal experts, such as Legal IT, who can help you monitor violations and take legal action to protect your intellectual property.