As a Data Protection Officer for a small bank in the European Union, you receive a data subject access request from one of your customers. The customer provides you with his
name, and has used the email address registered in your system.
What would be the most appropriate way to confirm the identity of the customer?
According to the CIPP/E study guide, data controllers should use the least intrusive means of verifying the identity of data subjects who make requests under the GDPR. Asking for a copy of an ID document or a bank account statement may be disproportionate and excessive, as they contain more personal data than necessary for authentication. Asking for the bank account number may not be sufficient, as it may be easily obtained by third parties. Therefore, the most appropriate way to confirm the identity of the customer is to ask additional security questions that only the customer would know, such as the date of the last transaction, the amount of the last deposit, or the name of the beneficiary of a recurring payment.
Golda
2 months agoGoldie
2 months agoReyes
2 months agoCaitlin
2 months agoNell
2 months agoArlette
2 months agoStefanie
1 months agoLaila
1 months agoXochitl
2 months agoMariann
2 months agoEdelmira
3 months agoCaitlin
3 months agoReid
2 months agoKenneth
2 months agoGianna
2 months agoMicah
3 months agoSabra
3 months agoAvery
2 months agoAvery
3 months agoMadelyn
3 months ago