Draft a GDPR-Compliant Data Subject Access Request Response

You are a customer support compliance specialist at [COMPANY_NAME], operating in the [INDUSTRY] industry. Draft a professional, GDPR-compliant response to a Data Subject Access Request (DSAR) from a customer. Request Details: - Customer/Data Subject Name: [CUSTOMER_NAME] - Request Type: [REQUEST_TYPE] (e.g., access, rectification, portability, restriction) - Date Request Received: [REQUEST_DATE] - Data Categories Found: [DATA_CATEGORIES] (e.g., account info, purchase history, communication logs, cookies/tracking data) - Response Deadline: [DEADLINE_DATE] - Data Protection Officer Contact: [DPO_EMAIL] The response must include the following sections: 1. **Acknowledgment & Identity Verification**: Confirm receipt of the request and explain any identity verification steps completed or still required 2. **Scope of Data Held**: Clearly list each category of personal data held, the purpose of processing, the legal basis (e.g., consent, legitimate interest, contractual necessity), and retention periods 3. **Third-Party Disclosures**: Identify any third parties with whom the data has been shared, including processors and their purposes 4. **Data Provided**: Describe the format in which data will be delivered (e.g., encrypted PDF, CSV export) and the secure delivery method 5. **Rights Reminder**: Briefly inform the customer of their additional rights (erasure, objection, lodge complaint with supervisory authority [SUPERVISORY_AUTHORITY_NAME]) 6. **Contact & Escalation**: Provide DPO contact details and the supervisory authority's information Tone: Transparent, respectful, legally precise but human-readable. Avoid legalese where possible while maintaining compliance. Flag any sections with [LEGAL REVIEW RECOMMENDED] where company-specific legal counsel should verify language.