
Show HN: GDPR templates to request/erase personal data - mrleiter
https://www.dropbox.com/sh/qx3oi27mgtxkqgd/AAB5Me8UT2XA7GVv3wGjH9CYa?dl=0
======
pbarnes_1
No one's going to delete data without authentication. You could be anyone
sending these.

~~~
mrleiter
Good point. You can avoid this by sending this request when you are logged in
(by copying the message) or by verifying this via an email sent to/from the
registered one

------
SanderSantema
You can also ask for any data they had collected concerning you. This is cost
free under GDPR but only the first time you request it.

No authentication shouldn't be a problem, they'll often just respond asking
you for authentication.

------
mrleiter
I have drafted these today - if you have any comments, please tell me, I am
happy to develop this further :)

~~~
ameesdotme
As pbarnes_1 said, I'd recommend adding some form of authentication. Perhaps
you can instruct the service to send the requester instructions to provide
proof that they are the owner of the account.

