When a company receives a request for information, a process begins that can be very simple or very complex – depending on the complexity of the processing and the structure of the company and its systems, but also depending on the context: Often, if not usually, requests for information are not about an innocent inquiry, but about a hidden (or not so hidden) agenda. Especially then, questions arise, for example, about the refusal or restriction of the information. The question also arises as to whether it is sufficient to provide information only about certain data in a first step and to provide further information in a second step after the data subject has specified the data, and within what period of time the request must be answered.
We – Walder Wyss with Simon Henseler, Hannes Meyle, Anne-Sophie Morand and Kento Reutimann – have illustrated the procedure under the new DPA and the Ordinance in a flowchart that can be downloaded here:
We are grateful for suggestions for adaptation and improvement!