Is your Business dsar ready?

Posted on by Michael Ozanne

A properly prepared business will save £1000’s on DSARs if they follow these key steps.

Now more than ever before, effective data management is critical as businesses recover post Covid-19 and look to move from traditional data storage to cloud based services like Office 365.

You may have already taken the necessary steps to ensure you’re compliant with GDPR, you’ve put in place a data protection officer, you’ve written the policies, set the retention periods…

But what happens when you are on the receiving end of a data subject access request (DSAR)?

In 2020, the turnaround time for a DSARs was estimated to be just over 2 weeks.

However, as a result of the Covid-19 crisis the number of redundancies increased and businesses found themselves dealing with increasing number of DSARs putting significant pressure on already stretched HR teams and Data Protection Officers.

A recent study showed that over 75% of DPOs were now struggling to keep up with their data compliance obligations following lockdown.

Does your business have the necessary tools and processes to ensure you can handle the request within the 30 days allowed?

By following these steps a properly prepared business can save £1000’s and minimise the risks of delays and regulatory fines when fulfilling data subject access requests.

Step 1: Understand your obligations and exceptions

In order to fulfil a DSAR, a business should provide the following information to the verified requester:

  • A copy of the requesters personal information held by the company.
  • The purposes for processing that data.
  • The categories of personal information collected (e.g. contact information, medical history).
  • The recipients of the personal information.
  • The company’s timeline for retaining the data.
  • Whether automated decision-making is involved in processing this data and the significance of those operations on the user.

For more information on your obligations have a look at the ICO’s guide with regard to rights of access:

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/right-of-access/

How can we help:

Metapoint has the experience necessary to support your business in understanding exactly what your regulatory obligations are with regard to DSARs.

Step 2: Get to know your data

In order to comply with a DSAR you need to know where your data is and what to give to regulators.

If you don’t already have a data asset register, put one in place now.

You should ensure your data asset register includes:

  • Data classification: How sensitive or confidential are the various types of data being stored?
  • Processing purpose: Why you are storing it?
  • Data location: Where it is being stored?
  • Retention period: How long it is stored for?
  • Ownership: Who is responsible for the data?

How can we help:

Metapoint can guide your business in determining the data you have and where it is stored.

We can provide the necessary tools and templates required to complete a detailed data asset register for your business.

Step 3: Plan

Robust DSAR processes start with understanding the key steps in the lifecycle of a DSAR and some of the challenges you will likely encounter:

  • Take time in advance to plan and document your DSAR handling process.
  • Identify the parties involved in the processing of a DSAR and ensure clear lines of communication throughout the process.
  • If the DSAR requires involvement from 3rd party service providers, ensure their processes are aligned with yours.

How can we help:

Metapoint can help you define you DSAR process and optimise it to ensure the lowest possible impact to your business.

We have automated solutions for data sorting and redaction capable of processing 100s of pages of data in just a couple of minutes.

This automation increases accuracy and allows your team to focus on high risk concerns

Step 4: And finally…..    Test your processes

Testing will help you fine tune the approach and identify bottlenecks, ensuring that when you do receive a DSAR your business is in the best position to handle it effectively and efficiently.

Can you afford for your business not to be DSAR ready?

Metapoint have the tools and experience you need and can support you on the journey to being DSAR ready.

To find out more about how Metapoint can help save your business time and money in managing DSARs please email: info@metapoint.gg

#Metapoint #GDPR #Compliance #HR #DSAR #GACO