Now that we’re a year-and-a-half into what has been a seismic shift in the world of data privacy, it’s worth asking: How has the General Data Protection Regulation (GDPR) been treating you and your organisation?
Based on a survey from May of this year—about a year after the GDPR launched—yours may be one of about half of organisations that meet these massive EU requirements. Security testing firm ImmuniWeb found that half of the 100 most-visited websites in 28 EU member states ended up falling short of the GDPR requirements. And those were the websites with the most traffic. In other words, they’re the companies you’d have expected to be ready by the GDPR launch date.
For companies doing business in the EU, this is especially troubling because U.S.-style litigation has come to the UK. New firms like SPG Law have cropped up to bring in more group litigation cases with a focus on benefiting the UK consumer, which makes the GDPR a potentially ripe regulation to start litigating around.
The Technology Solution to the DSAR Problem
If you have technology that is helping you with Data Subject Access Requests (DSARs), you’re in a better spot than many other organisations are. This guide may help you uncover new ways to utilise that technology—or perhaps you’re looking for more help with your DSAR workflow to increase efficiency in processing these requests. Either way, a good technology solution has a few requirements:
- A portal for DSARs that is both easy to use, and routes as many requests as possible directly into the fulfillment workflow.
- A way to automate (as much as possible) and manage this workflow—from authenticating the requestor’s identity to finding, reviewing, and producing their data. Depending on how many requests you expect to receive in a given month, the automation aspect becomes a more and more important factor. How many requests do you anticipate receiving, and how many more would you anticipate if you suffered a data breach? Compliance becomes more critical to your reputation and bottom line after a breach.
- An accurate, comprehensive data inventory. This is the foundation of the entire process: It gives you the ability to find all responsive information in your control. This means that your inventory should tell you not only what personally identifiable information (PII) you have access to, but also where that data lives.
- An actionable way to handle that data. This means that you’re able to examine it before you collect it, understand the retention schedules involved, reach data volumes across multiple locations, understand which third parties have access to the data, and know where duplicate data is stored. You’ll also want a solution that allows you to delete the data, preserve it (due to an internal investigation or legal hold), and move it to where it belongs.
Read our full, free report to see if your organisation has the necessary tools to establish a DSAR process to help you work towards compliance and avoid fines.