For IT & Collaboration Owners
Deliver safe, secure collaboration while satisfying the needs of stakeholders across the business

For Security
Improve your risk posture with a purpose-built solution for collaboration

For Legal
Scale, orchestrate and streamline your eDiscovery process for employee collaboration
For Compliance
Establish a proactive approach to collaboration compliance and information governance

For Employee Experience
Harness insights from surveys and collaboration data to transform the employee experience

AWR-2023_human-behavior-risk-analysis-report_cover art_small
Download the Resource

The Human Behavior Risk Analysis

Learn More →


Connect Aware to the tools you already use to have all your company messaging in one place.

Our Platform

Contextual Intelligence Platform

Aware is a contextual intelligence platform that identifies and reduces risk, strengthens security and compliance, and uncovers real-time business insights from digital conversations at scale.

LEARN MORE → Learn About our AI →
Our Applications


Protect your data and your people with complete, real-time visibility and centralized control of collaboration.

Learn More →

Data Management

Take centralized control and make smarter decisions about what to keep and what to purge.

Learn More →

Search & Discover

AI-powered universal search purpose-built for collaboration. Find information and surfaces the full story—faster.

Learn More →


Automatically capture authentic human signals from modern collaboration to support your most valuable asset.

Learn More →

What's in your data?

Calculate my results →


About Aware

Our leadership, our company


Explore open roles with our remote-friendly, global team


Driving customer value, together

Press Releases

Digital workplace news and insights


How Aware customers streamline operations, reduce risk, and boost productivity


Data security partners & certifications


Get in touch with us


10 Reasons Why Aware is a Top Place to Work

Learn more →


Access reports, webinars, checklists and more.

Explore →


Explore articles devoted to enterprise collaboration, employee engagement, research & more

Explore →
Case Study Promo_2023

How Aware customers streamline operations, reduce risk, and boost productivity

Read More →

The GDPR Is Here... And This Is a Nightmare Employee Demand Letter

by Aware

With the arrival of the deadline for the General Data Protection Regulation (GDPR) enforcement, companies across the globe are updating privacy policies and procedures to avoid heavy fines and penalties for noncompliance with data subject access requests (DSARs).

What is the General Data Protection Regulation (GDPR)?

In a nutshell, the GDPR says that people have the right to their own personal data; that individuals have the right to request access that data, understand how it’s used, and “request to be forgotten”. The broad stroke regulation works to tackle the fact that new technology emerges by the year and until legislation catches up, personal data can be leveraged without the affected individuals' consent.

Organizations are cleaning up their act when it comes to consumer data subjects. However, many have overlooked an entire group of data subjects—employees. They possess the same rights as consumers to make subject access requests, and employers need to be ready.

What an Employee Subject Data Request Could Look Like:

This 'nightmare letter' by Constantine Karbaliotis shows what a subject access request under the GDPR could look like. Let's dive into this nightmare employee demand letter:

Dear Sir/Madam:

I am writing to you in your capacity as data protection officer for your company. I am an employee of yours, and in light of recent events, I am making this request for access to personal data pursuant to Article 15 of the General Data Protection Regulation. I am concerned that your company’s information practices may be putting my personal information at undue risk of exposure or in fact has breached its obligation to safeguard my personal information pursuant to <latest nasty cybersecurity event or thing in the news>.

I am including a copy of documentation necessary to verify my identity. If you require further information, please contact me at my address above.

I would like you to be aware at the outset, that I anticipate reply to my request within one month as required under Article 12, failing which I will be forwarding my inquiry with a letter of complaint to the <appropriate data protection authority>.

Please advise as to the following:

1. Please confirm to me whether or not my personal data is being processed. If it is, please provide me with the categories of personal data you have about me in your files and databases.

a. In particular, please tell me what you know about me in your information systems, whether or not contained in databases, and including e-mail, documents on your networks, collaboration platforms, or voice or other media that you may store.

…and unfortunately, this is only the beginning. Continue reading the rest of this employee demand letter.

How to Prepare Your Company for Employee Data Subject Requests

1. Audit Employee Data and Access

The first thing you need to do is understand all the sources of data your company has on a given employee. This includes personal information, employee communications, or anything that can be matched to an identified person.

In addition to understanding what data your company has regarding an employee, it’s important to understand who has access to this data. This could be internal or external (e.g. partners, vendors) players.

Best Practice: Implement Record Retention Policies

In addition to these employee rights, the Article 29 Working Party also recommends not to ‘retain [personal data] any longer than necessary’.

When employees transition in and out of the company, there is a natural transition of formal employee information – personal information, insurance data, tax information. But what about all of the informal records an employee leaves behind? Who audits or deletes these records over a period of time? This is where company record retention policies are instrumental.

2. Trim the Fat

During your audit of employee data, it’s also a great time to identify arenas of employee data that you may not be using (including that data that has exceeded your record retention policy) that you can delete as well as revoke data access from parties who no longer need it.

This helps mitigate risk of breach and limits the scope of future data access.

3. Implement Data Management Solutions

Now that you understand the sources of your employee data and who can access it, it’s important to prepare in the event that an employee files a data subject request. This includes sorting through your sources and confirming that you have the procedures in place to both extract employee data and delete it, if necessary.

Best Practice: Remember Unstructured Data

Companies around the world are adopting increasingly innovative pieces of technology at a rapid pace to encourage employee collaboration. Over 230,000 companies worldwide connect their workforce to a collaboration platform such as Workplace by Meta or Microsoft Teams.

More informal, frequent correspondences are taking shape in private and public forums. This does introduce a new set of potential risks to the enterprise security ecosystem. This data is a set that should be monitored, secured, and destroyed at the appropriate times, just like any other source of employee data.

Employers should always bear in mind the fundamental data protection principles…irrespective of the technology used, [and] the contents of electronic communications made from business premises enjoy the same fundamental rights protections as analogue communications…. – Article 29 Working Party

The ‘contents of electronic communication’ apply to the conversations that take place in collaboration tools. Meaning that employees have the right to, as with all other records: request their own data, understand how it is being used, and act on their ‘right to be forgotten'.

Aware's Data Management Solution

The Aware data platform gives Data Protection Officers around the world a solution for compliance within enterprise collaboration platforms, such as Slack, Teams, Workplace, and more.


Request a call to learn how Aware can keep your organization GDPR compliant

Topics:Compliance Adherence