Time Limits for Responding to Privacy Requests

hourglass-1
 

Many businesses dread receiving a privacy request from one of their consumers. If you haven’t prepared in advance, they can be daunting because there are many unfamiliar rules to follow, and getting it wrong can result in a complaint to the enforcement officials. Added to this stress is the fact that all privacy requests must be fulfilled within a specified time limit.

That time limit varies by request type and by jurisdiction, so keeping track of it all can be a bit confusing. On top of that, some jurisdictions require businesses to offer an appeal process to consumers whose requests were denied, and those appeals also must be completed within a certain amount of time.

To help keep it straight, we’ve provided the quick reference chart below, which covers U.S. privacy laws along with PIPEDA (Canada) and the GDPR (EU).

Note: In many instances, there will be two numbers (e.g., “45 days + 45 days”). This is because some privacy laws allow businesses a one-time extension on the timeframe if they are unable to complete the request on time. So in this example, the business should complete the request within 45 days, but it may extend for another 45 days if necessary. However, the business must notify the consumer of the extension within the original time period, and explain the reason for the delay.

request-time-chart

Automate Your Request Processing

Handling privacy requests is complicated, and not just because of the differences in time allowed. Responding efficiently and adequately requires an understanding of what’s required for each request type, as well as a full data map of how your business collects, uses, and discloses personal information. Trying to do it on the fly can easily lead to dissatisfied consumers, triggering complaints and potential enforcement action.

TrueVault relieves the burden of privacy compliance. Designed by attorneys, TrueVault is a software solution that guides you step-by-step through the process of getting your business compliant, and then helps you stay compliant by responding to consumers’ privacy requests. Through our software integrations and automated workflows, your business can manage privacy requests with minimal effort, often with no human intervention at all.

Contact our team to learn more and schedule a demo.

Schedule Call