How can organisations handle a GDPR Subject Access Request?

November 18 15:16 2017 Print This Article

How can organisations handle a GDPR Subject Access Request?

Article 15 of GDPR outlines what a Subject Access Request (SAR)is and how business needs to react and how to comply with them. If your organisation is collecting data on EU citizens there is a high possibility that you will start to see a steady flow of SAR’s clicoming into your inbox. This will impact your business in a multitude of ways.

Firstly there is a business planning element to this and how from an operational aspect could you handle 1 request per week, 10 a week or if you are a larger organisation 100 per week? This poses a number of additional questions for any business. New processes and internal policies will have to be implemented throughout the organisation to making staff and stakeholders aware of how to effectively handle a SAR.

The second element to any SAR is how do you know what information you have on a data subject and more importantly do you have the capability to find it? This is where Ground Labs are positioned to help organisations of any size right across the EU. Our sensitive data discovery tool already has over 200 PII data types preconfigured so the tool works straight out of the box and starts to find sensitive data as soon as the scan has been set up to run. PII types such as name, address, bank details, health numbers, passport numbers and driving license number all pre-configured into the tool.

If you are running a search tool for a specific SAR our tool will search your entire network for every instance of the data type you are looking for a report back its findings. To comply with Article 15 you have 30 days to respond to the data subject answering in detail where their data has been stored on your network. Enterprise Recon can give you that information. It’s not big and clunky, it’s on-premise and runs quietly in the background without slowing down your network as a scan is being run.

The original article (and image) was originally posted here: https://blog.groundlabs.com/how-can-organisations-handle-a-gdpr-subject-access-request

view more articles

About Article Author

GDPR Associates
GDPR Associates

View More Articles
write a comment

0 Comments

No Comments Yet!

You can be the one to start a conversation.

Add a Comment