Handle Data Subject Requests with ease
The GDPR has only been in effect for a few years, but the number of Data Subject Requests will continue to rise as people get more acquainted with them. Although it’s possible to keep track of Data Subject Requests via spreadsheets, it’s not a very sustainable, nor a productive way of working. That’s why RESPONSUM suggests an effortless, automated, and structured approach.
Data Subject Requests explained
The General Data Protection Regulation (GDPR) provides every EU Data Subject certain rights that they can exercise regarding their own Personal Data.
This means that every organization that processes personal data of EU citizens should be able to receive, process and answer Data Subject Rights (DSR) in a timely fashion. If you cannot reply within one month of the receipt of the request, you risk getting fined by the Data Protection Authority. Taking into account the immense amounts of data that companies process every single day, this presents certain challenges that require a structured approach.
- Right to be informed
- Right of access
- Right to rectification
- Right to be forgotten
- Right to restriction of processing
- Right to data portability
- Right to object
- Right to not be the subject of automated decision-making
Challenges of Data Subject Requests
When it comes to practically dealing with Data Subject Requests, most organizations are still searching for a cost-effective way to handle these requests. These are some of the challenges we encounter most:
Identification
This step is oftentimes missed. Even though it poses a great risk of encountering a data breach. E.g.: when the submitter of the request isn’t who he claims to be.
Knowing
where to look
Data is spread out across an organization, so it’s not always clear for a Data Protection Officer (DPO) where he can find a particular Data Subject’s data.
Getting complete information
Even if you can locate the data of your Data Subject, a lot of DPOs will still have this internal incertitude of whether they now have ALL the personal data.
Tracking
progress
In larger organizations the DPO can count on his colleagues throughout the organization to follow-up on DSARs. However, with the increasing pressure on organizations, tasks can easily be left aside for too long, at great risk of course.
Handling DSRs in RESPONSUM
The goal of our solution is to make your life as a privacy professional easier. When a Data Subject Request comes in, RESPONSUM guides you through the necessary steps:
Determine the scope of the DSR
Delegate tasks across the organization
Keep a history log of all actions
Send timely reminders for close follow-up
Set up review cycles before answering the DSR
Check out our blog:
A guide to Data Subject Right Requests (DSRR)
Want to see our DSR module in action?
Get in touch for a Proof of Concept or book a free demo with one of our consultants today.
Don’t worry, they won’t bite.
