[frenchyatwork]

This raises an interesting question. Let's say I have a data-set that contains a lot of photos of people, but I don't know who; or maybe I think I know who, but there's 20% chance there are people who are in these photos that aren't successfully tagged.

Now, lets say someone who I don't have on my list asks for the data I have of them, and I tell them I don't have any, but really they're one of the untagged people. Have I broken the rules? Presumably not.

What if someone requests the info I have on them, I tell them nothing, but then later on I realize that one of these photos actually was a picture of them. Should I then try to follow up with them and make a correction?

I'm curious. I think the GDPR is great. These are important problems.