Effortlessly handle Data Subject Access Requests
The General Data Protection Regulation (GDPR) provides every EU Data Subject certain rights that they can exercise regarding their own Personal Data:
- Right to be informed
- Right of access
- Right to rectification
- Right to be forgotten
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to not be the subject of automated decision-making
This means that every organization that processes personal data of EU citizens should be able to receive, process and answer Data Subject Access Requests (DSARs) in a timely fashion. If you cannot reply within one month of the receipt of the request, you risk getting fined by the Data Protection Authority. Given the immense amounts of data that companies process every single day, this presents challenges that require a structured approach.
Challenges of DSAR
When it comes to practically dealing with DSARs, most organizations are still searching for a cost-effective way to handle these requests. These are some of the challenges we encounter most:
- Identification: this step is often missed, even though skipping it poses a great risk of a data breach, e.g. when the submitter of the request isn’t who he claims to be.
- Knowing where to look: data is spread out across an organization, so it’s not always clear to a Data Protection Officer (DPO) where he can find a particular Data Subject’s data.
- Getting complete information: even if you can locate the data of your Data Subject, a lot of DPOs will still be uncertain whether they now have ALL the personal data.
- Tracking progress: in larger organizations the DPO can count on his colleagues throughout the organization to follow up on DSARs. However, with the increasing pressure on organizations, tasks can easily be left aside for too long, at great risk of course.
It’s possible to keep track of DSARs via e.g. a spreadsheet. However, that is neither a sustainable nor a productive way of working. The GDPR has only been in effect for a few years, and the number of DSARs will rise as people get more acquainted with them. That’s why we suggest an automated, structured approach.
Handling DSRRs in RESPONSUM
The goal of our solution is to make your life as a privacy professional easier. When a DSRR comes in, RESPONSUM guides you through the necessary steps:
- Determine the scope of the DSRR
- Delegate tasks across the organization
- Keep a history log of all actions
- Get or send timely reminders to ensure a close follow-up
- Set up review cycles before answering the Data Subject’s request
Want to see our DSAR module in action? Get in touch for a free demo or Proof of Concept!