I read somewhere that GDPR requests for restricted processing (Art.18) cannot be combined with any other topic or request. E.g. If you request that they not use your e-mail for marketing purposes.
WTF. Yes, I understand the idea is that if the request stands on its own, it cannot be overlooked. But #GDPR requests are ignored so often that I deliberately combine a GDPR request with another request that is more difficult to ignore. That way when they ignore the GDPR request but treat the non-GDPR request from the same letter, it proves that the data controller received my letter. When a GDPR request is made on its own, they can more easily claim the letter never came and shift the proof-of-delivery burden onto me.
This does not seem to be correct. The law itself does not specify a specific format nor does it posit a limit on the number of rights exercised per request. Here are some (German) templates which one might use. I’m pretty sure similar documents exist in other EU countries.
https://www.verbraucherzentrale.de/sites/default/files/2019-10/Auskunft_nach_Art._15_DSGVO.pdf
https://www.heise.de/news/DSGVO-So-nutzen-Sie-Ihre-Auskunftsrechte-4429886.html?seite=2
It might be a good idea to send a registered letter with reply advice (Einschreiben mit Rückschein).
Good luck
I wish I kept track of where I read that. Could have been case law, or EDPB guidelines. Maybe I was speed-reading Art.21¶4 (which is really a requirement on the data controller).
It might be a good idea to send a registered letter with reply advice (Einschreiben mit Rückschein).
If I did that it would cost me over €10 for every single request. Even if it leads to lawsuit and the court favors my claim, registered letters are still a loss. They cannot be claimed back in court.