Hi there ... I'm looking for your thoughts & wisdom on this.
In the last two weeks, I've seen a bunch of emails with the same Subject and Body Text .. only the email addresses change.
The Subject is always "Data Removal Request"
The Body Text is always
"I hereby withdraw my consent for you to collect, process or store any personal data related to firstname.lastname@example.org
I request that you delete any and all data related to, and belonging to email@example.com that your company stores, pursuant to my rights under Article 17 GDPR.
These requests have covered emails from a variety of free email providers, gmail.com, gmail.fr, hotmail.com ... which makes me think there is a system or service out there generating these emails on behalf of individuals ... possibly for a nominal fee 🙂
Of the 20 or so emails we've seen, only a handful of the emails are actually customers / users of our service ... which makes me think the system or service sending these emails is generating mailshots and firing them out to a range of service providers like my company
Anyone else seen this?
I'm going to work through the email headers to see if there are any clues ... but I thought it was worth posting here in case anyone else is in the same position as me 🙂
Thanks for your reply @Akirin00
This is for everyone...
We are receiving requests (quite possibly from https://www.deseat.me/) from people who are not users in our system. There are though other systems where we keep people's information. For example, Mailchimp - where people's name and email is kept if they signed up to to our newsletter on our website without actually signing up for our service.
For someone like this - who is not a user of our system, has never agreed to the terms of service of our application, but has signed up to receive email, would you still somehow verify them before removing them form mailing lists?
We're treating the "deseat.me" requests as unsubscribe requests too.
None of the ones we've seen yet have come from actual paying customers of the service ... but we still have to check, which takes a little time ... I need to automate that process. Until then I'm reluctant to spend even more time on "verifying" these requests and having back & forth conversations with people who really just want to unsubscribe from marketing campaigns.
I'd like to think that paying customers are smart enough to know that we can't "forget" their commercial transactions with us ... but we'll see 🙂