GDPR has led to more people looking for their data from businesses – here’s how to deal with it

by GDPR Associates | 12th May 2019 2:25 pm

There has been a lot of attention on Data Subject Access Requests (DSAR) since GDPR was introduced almost a year ago.

The General Data Protection Regulation (GDPR) has brought a lot of attention on Data Subject Access Requests (DSAR) since it was introduced almost a year ago.

Organisations need to be prepared, know where personal data is stored and what the data contains in order to fulfil a request from clients, consumers or employees.

Whilst this is great in theory, it doesn’t always play out in practice, resulting in excess use of internal resources for businesses.

By streamlining the process and establishing working methods and data flows that compliment existing processes, organisations can reduce the impact on resources.

What is a DSAR?

A DSAR is the legal mechanism which allows European citizens and residents to obtain a full account of all personal data an organisation holds on them, an explanation as to why this information is being held, and copies of this data should they wish.

Under the GDPR, companies are expected to complete DSAR’s within one month – previously it was 40 days.

The way in which organisations can receive a DSAR expanded outside of the traditional postal option with the introduction of the GDPR also. Requests can be made by email, verbally in person or by phone, through a live chat portal, or even via social media channels.

Personal Data

The sources of data within a business are expansive and include CCTV data, backup data, phone call data, web chat data, log data, emails, CRM records, or order history.

When a DSAR comes from an employee it can also include all emails, any meeting minutes where the employees name is mentioned or documents or correspondence relating to any work they have done.

Reasons why responding to a DSAR can be challenging

It should be reasonably “simple” to search for personal data and provide it to the data subject who has requested it. However, in practice, the process is more complex and here are some of the reasons why:

Streamlining DSAR responses

Preparation is key and a DSAR should not place a heavy burden on organisations that are ready and aware of what is required to respond and have identified the tools to assist them.

Having the following ready should help organisations respond in an efficient manner:

Implementing a streamlined DSAR process, whether you are a large or small organisation, will not only reduce the impact on resources it will also ensure that the requester receives all relevant details in a timely and compliant manner.

The original article (and image) was originally posted here:
https://fora.ie/readme/gdpr-advice-4628227-May2019/[1]

Endnotes:
  1. https://fora.ie/readme/gdpr-advice-4628227-May2019/: https://fora.ie/readme/gdpr-advice-4628227-May2019/

Source URL: https://www.gdpr.associates/gdpr-has-led-to-more-people-looking-for-their-data-from-businesses-heres-how-to-deal-with-it/