If you have email marketing lists it's likely that you will receive requests from subscribers for details of the personal data you hold. You might already have had some from those who, inspired by the saturation publicity that the GDPR has generated, just want to be first in their group to do so.
We recommended some time ago that you should establish systems to deal with these requests, or rather demands. You should also review your procedures to ensure that not only are you fulfilling your obligations in law, but doing so in a cost-effective manner.
As is the norm in email marketing it is unlikely that one size will fit all but here is an overview of what you should consider.
1/ Explain rights
There should be an obvious click-through on marketing emails and on your website for customers to be able to discover what their rights are. Have it in the paragraph which explains that you comply with all aspects of the GDPR.
2/ Provide a proforma
A proforma normally limits what is requested. Rather than demanding everything, if they see a box to tick for exactly what they are after, then it helps both sides.
3/ One or some
Given your specific circumstance, you might feel it best to have separate proformas for each type of query. This would mean simpler forms.
4/ Be prescriptive
Most people waffle, both in speech and on paper. Design the proforma to ensure that there is a precise request. In this way neither side is confused.
5/ Lots of tick boxes
Not only do boxes clarify what is wanted but also ensures that the process is directed to the person responsible. Time saved is money saved.
6/ Prominent or obscure
There are arguments on both sides of the argument whether to make the form for requesting details easy to find. If it is on the Home Page, you might generate spurious requests just out of curiosity. If it requires a bit of a search you will probably encourage those with a genuine desire for information for their data to send in their requests via email, defeating the whole purpose of the proformas. There is a suggestion that there will be an initial surge but that it will tail off so it is a decision that you should readdress.
One way of reducing the number of requests is to inform your customers and in particular those on your email marketing lists, of what data you will keep and what purpose you use it for. This could be via the welcoming email to new subscribers or/and on the page of the click-through to the signing-on landing page. As time goes by, you will be able to work out what your customers are concerned about and make that information easily available.
State that there is no fee in normal circumstance, but make it clear that you can, in certain circumstances, charge or refuse.
Include in the reply what their rights are if they are dissatisfied with your response.