> For the complete documentation index, see [llms.txt](https://whitepaper.open-data-rights.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://whitepaper.open-data-rights.org/background/data-request-practice.md). # Data Request Practice The brief [GDPR introduction](/background/gdpr-and-data-requests.md), which only covers a subset of the GDPR, means that companies must adjust many of their processes to become compliant. Yet, despite four years gone by since the passing of the GDPR, many organisations still lack rigorous processes for dealing with personal information and subject data rights. This applies more so for the data rights that subjects enjoy. In a litmus test for data access requests conducted in 2020, 59 organisations received requests for data access. At the 30 day mark, little over half of surveyed organisations had succeeded in responding to the data request. Even after 90 days, 20% of data requests remained unresolved, despite repeated attempts at progress. ![](/files/-MN86QiMQz_INkkKqyxq) Looking at individual requests reveals a picture of organisations figuring out processes as they go. Some gathered information over insecure channels such as email, while other performed little validation of user identity. The poor security of data request practices are corroborated by a wide gamut of researchers, eg. [Martino et al. (2019)](https://dl.acm.org/doi/10.5555/3361476.3361504), [Pérez-Solà et al. (2019)](https://doi.org/10.1007/978-3-030-31500-9_5) and [Boniface et al. (2019)](https://doi.org/10.1007/978-3-030-21752-5_12). Meanwhile, large tech companies have the legal and engineering resources available to construct infrastructure that is capable of servicing data requests at scale. Yet, all solutions available (by e.g. Google, Apple, Facebook, Twitter, Spotify) are custom-made and homebrew. This makes it hard for other organisations to follow suit, while citizens face multiple interfaces and paradigms for achieving the same basic task. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://whitepaper.open-data-rights.org/background/data-request-practice.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.