Mr. Simon McGarr:

It would be important that there be a recognised system and that certain tasks be performed and certain assessments be done internally before a request is made externally to a telecommunications provider. This is important for the telecommunications provider. Under GDPR, it will be liable if information is released improperly. It is as much for the provider's protection as it is for the protection of the individual whose data has been given out that the provider at least require some sort of written record so that it can say that all necessary legislative provisions had been adhered to before it issued the information. In terms of leaving telecommunications providers open to criticism and, potentially, substantial fines under the GDPR, it is critical that there be a set form of request with a certain number of protections built into it.