Article 12: Exercise of the Rights of the Data Subject
Articles 13, 14: Right to Be Informed
Article 15: Right to Access
Article 16: Right to Rectification
Article 17: Right to Erasure (“Right to be Forgotten”)
Article 18: Right to Restriction of Processing
Article 19: Notification Obligation
Article 20: Right to Data Portability
Article 21: Right to Object
Article 22: Object to Automated Individual Decision Making
Article 7(3): Right to Withdraw Consent
Research in May 2018 by BSi showed that while over one third of firms considered themselves highly likely to receive a complex Data Subject Access Request, nearly 60% of them had no process or procedure for complying.
Our experience is that firms across the spectrum are regularly receiving DSARs and are struggling to comply within the allowable timeframe. Gartner estimate that on average it costs a firm $3,000 to comply with each DSAR. If there is a large volume of unstructured data to be reviewed, this number can increase exponentially. Most firms do not track the costs associated with each DSAR, so they cannot build a business case for implementing better business processes aimed at avoiding the incidence of DSARs.
Because it carries the highest penalties and the risk of class actions, managing data subject rights in line with legislation is critical. This complex area of data privacy covers the types of requests coming in and the act of finding the data to fulfil a request, as well as the documentation, response times, identity validation and security requirements.
The Data Privacy Group have in-depth experience of handling Data Subject Access and other Subject Rights Requests. We use the OneTrust tool set to provide the automation and overlay it with decades of expertise to build fully compliant workflows that are integrated with your data map and IT service management tools for automatic data mining to extract the necessary data. Finally, we bring fully approved templates for the communications with the data subjects making the requests.
Our Services Include
Implementation of End-to-End Workflow Automation and Record Keeping
Creation of a fully customised portal and integration into your website
Implementation of fully compliant workflows
Integration with the underlying data map
Integration with IT Service Management tools
Consolidation of requests from multiple sources
Auto-Delete Non-Essential Data with Retention Policies
Secure communication of responses to Data Subjects
Creation of audit trails and reports for compliance reporting
Location and Redaction of Personal Data for Data Subject Access Requests
Automatic search of unstructured data (email, MS Word, Excel, PDF, etc.) for personal data
Bulk scanning of paper-based files and automatic location of personal data
Redaction or removal of non-related personal data
Creation of DSAR packet for Data Subject