Get called
Demonstration
To process your request, we need to process your personal data. Find out more about the processing of your personal data here.
Guide and ready-to-use email templates for responding to GDPR rights requests
About us
30% of CNIL (National Commission for Information Technology and Civil Liberties) sanctions concern failure to comply with the exercise of rights.
At Dipeeo, we see it every day: GDPR requests GDPR on the rise within companies.
The reason? Citizens are becoming increasingly well-informed, cases are receiving media coverage, and there has been a proliferation of tools that collect personal data (CRM, HR tools, marketing platforms, business software).
However, the GDPR clear: these rights must be easy to exercise, free of charge, and handled efficiently.
Clients, prospects, employees, former employees, candidates... anyone can exercise their rights at any time.
Above all, a request can come from anywhere: to a generic address, via a form, to client service, marketing, HR, a manager, or even verbally. The channel is irrelevant under the GDPR.
Once a request has been made, it must be taken into account.
And your company is on the front line
Right of access, erasure, objection... GDPR rights requests GDPR now one of the main reasons for complaints and penalties.
In 2024 and 2025, the CNIL (National Commission for Information Technology and Civil Liberties) dozens of decisions related to poorly handled requests: late, incomplete, non-existent, or impossible to prove responses.
In most cases, these are not complex situations, but rather a lack of method, organization, or traceability.
A guide to stop improvising when dealing with GDPR requests
This guide has been designed for all companies that want to respond correctly, on time, and without stress, even without GDPR expertise.
It helps you turn a legal claim into a clear, controlled, and traceable process, rather than a source of tension, wasted time, or risk.
Who is this guide for?
This guide is intended for all organizations, public or private, regardless of their size, and in particular:
-
Legal officers and DPOs
-
Human resources
-
Marketing, sales, and client support
-
Senior management and managers
Any person who may receive a request for rights, by email or any other channel
What you will discover in this medium :
A clear understanding of GDPR rights
What are the rights (access, erasure, objection, portability, restriction, etc.), who can exercise them, and in what circumstances.
A step-by-step method for handling each request
From receipt of the request to the final response: qualification, verification, actions to be taken, compliant response, compliance with deadlines.
Ready-to-use email templates
Acknowledgment of receipt, response to a request for access, erasure, or objection, extension of deadline, reasoned refusal. Ready-to-use emails that comply with the requirements of the CNIL (National Commission for Information Technology and Civil Liberties).
The most frequently penalized errors
Deletion instead of opt-out, no response, partial response, lack of evidence. Concrete examples from CNIL (National Commission for Information Technology and Civil Liberties) audits.
What the CNIL (National Commission for Information Technology and Civil Liberties) really CNIL (National Commission for Information Technology and Civil Liberties) in the event of an inspection
Written procedure, request log, evidence, deadlines, clearly defined roles. You know what to show and how to demonstrate your compliance.
Be ready before a request arrives
Checklist and best practices to avoid suffering from the first claim of rights.
Further information
Discover our article: GDPR individual rights GDPR Your key obligations.
At Dipeeo, we support nearly 500 companies and handle requests to exercise rights on their behalf on a daily basis.
Since October 2025, we have seen a fivefold increase in the volume of requests processed, with a sharp rise in HR litigation contexts.
This guide is directly derived from:
-
real-life situations encountered in business,
-
the specific expectations of the CNIL (National Commission for Information Technology and Civil Liberties),
-
errors that most often lead to a penalty.
"In most of the CNIL (National Commission for Information Technology and Civil Liberties) audits we assist CNIL (National Commission for Information Technology and Civil Liberties) , the difficulties do not stem from data leaks, but from requests for rights that have been mishandled, poorly documented, or simply forgotten." Raphaël Buchard, CEO of Dipeeo
With Dipeeo, no more headaches: we manage all your rights requests, from receipt to response to proof of compliance.
Download the resource
Already 500 compliant companies
When human expertise meets technological power for your GDPR compliance.
Unique support from a dedicated GDPR expert combined with the power of a powerful, intuitive SaaS platform for simplified compliance.
A GDPR legal expert
as a new colleague
At Dipeeo, our GDPR experts - specialized lawyers and former in-house counsel - take care of your compliance from A to Z.
A dedicated legal expert
An outsourced DPO registered with the CNIL (National Commission for Information Technology and Civil Liberties))
Unlimited, tailor-made advice
Cutting-edge expertise
No more stress, no more wasted time, we manage everything for you.
A single tool to manage your compliance
Access an innovative, intuitive tool that centralizes all essential information and facilitates the compliance process.
