|
|
|
|
|
|
by rstephenson2
3016 days ago
|
|
|
One interesting part about this is that it's a letter, and the author never explicitly mentions that it was sent in an email. Assuming this letter arrives in the post one day, what do you do? Ask them to email you for verification? Send you one of their 2FA codes? What if your site doesn't have a login? Can they send you a screenshot of their IP address as verification? I get why the EU didn't want to overly specify the method, but it creates a lot of uncertainty about what processes are allowed/required. And with the pressure of gigantic fines on the line, it seems like GDPR opens up a significant vector for stealing other people's information via GDPR requests. |
|
|