After reading the letter, it seems to me like most, if not all, companies that get a request like this would simply be able to respond with the same canned response every time, for every user. For example, Steve, what would you do if you got a request like this from a SQLServerCentral.com user? Could you not use the following for everyone? (Here would be my response to the first 5 questions in the letter. Obviously I don't know the real answers as they relate to SQLServerCentral.com, but I just made up some stuff that I thought would sound reasonable.) Sure it could be more complicated for different companies, but after they did one, chances are it would be applicable to many, if not all of their users. Then, once an individual gets a response back, are you going to argue it? How would the individual know what is correct, incorrect, or missing?
1. Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases.
Yes, kevin77, your personal data is being processed.
1a. We have your Full name, and email address.
1b. The information is stored in the United States of America.
1c. Your personal information can be found at: https://www.sqlservercentral.com/Forums/Users/kevin77
2. Please provide me with a detailed accounting of the specific uses that you have made, are making, or will be making of my personal data.
Your email address is used to send out news letters every week day.
3. Please provide a list of all third parties with whom you have (or may have) shared my personal data.
3b. Redgate is a parent company, so all legal grounds transfer.
3c. Data is transferred over HTTPS/SSL.
4. Please advise how long you store my personal data, and if retention is based upon the category of personal data, please identify how long each category is retained.
Data is retained until you delete your account.
5. If you are additionally collecting personal data about me from any source other than me, please provide me with all information about their source, as referred to in Article 14 of the GDPR.
No additional data is being collected.