A few days ago I sent a GDPR request to some company to delete my personal data. They said to install their app and send a ticket from the app. The email was sent from the email address to which the account is registered. Is this even legal?

  • el_abuelo@lemmy.ml
    link
    fedilink
    arrow-up
    4
    arrow-down
    11
    ·
    1 year ago

    How do you know this?

    My first thought was “they probably want to ensure they are who they say they are and so want an authenticated request” - while that’s against GDPR, not everyone is as educated as they should be, and not every mistake is a nefarious activity.

    • sanpo@sopuli.xyz
      link
      fedilink
      arrow-up
      28
      arrow-down
      1
      ·
      1 year ago

      There’s no reason an app should be more trustworthy than the email.
      It’s pretty standard for scummy companies to make the process as annoying as possible.