We hope you find this useful.
MapSterling are also able to provide a one-pager on each of the individual rights, consents and a few other parts of the GDPR. If you wish to get these documents before general release, would like a high-quality copy of this guide or have any other GDPR-related queries, please contact Enquiries@MapSterling.com.
We would also like to know more about your GDPR journey; please let us know what your biggest concerns are below…
Can you explain the part about bad retention practices leading to requests for deletion? I don’t understand how that is connected.
Not following a retention policy will mean that data on your systems is held longer than it should be. When an individual requests a SAR they are likely to become aware of this because, for example, you could disclose 15yr old information alongside your notice telling them you have a 10 year retention policy. This could lead to requests for deletion and is also going to publicise the fact that you are not following your own policies. I think the potential visibility of this means it could be quite high risk. Also, be aware you can’t just delete the data before sending the SAR or omit it from the SAR. I’m happy to discuss by phone/email if you’d like to get in touch.
Thanks,
Murray.
*Update*
The GDPR refers to one month, not 30 days. Many companies have interpreted this in different ways; however, the guidance seems to support 1 calendar month from the day after a request is received. E.g. a request received on the 10th Jan should be completed by 11th Feb.