GDPR Requests

On occasion, people may make requests under the Data Protection Act for a copy of their information to be sent to them. In this case, administrators, if able, should take the following actions. If unable, they should raise the case with a more priviledged administrator.

Stores of Information

  • Mailing Lists
  • Databases
  • Unix User Accounts (if applicable)
  • Mail (if applicable)
  • Invoicing System

Collecting the Information

Mailing Lists

From the mailing lists, the user's personal details and message status and clickthrough details should be collated, probably as a .json file as part of an export from the API.


A .csv export of any records from tables relating to the subject. Ensure that no user data of other users is compromised.

Unix User Accounts

If the user has a Unix account on any MeridianGroup controlled server, the details of this account should be collated. This should include entries in /etc/passwd, /etc/shadow and /etc/groups.


If the user has an email account, the details of the account, any aliases and a .zip file of the user's email inbox should be collated.

Invoicing System

If the user has been invoiced previously for any reason, a copy of all previous and future invoices should be provided, and any additional personal details stored on the invoicing system.

Sending the data

Once collected, the data should be sent as a .zip file containing all relevant data in separate folders. Before any file of this kind is transmitted, it must be checked by a member of the committee, who can be contacted at