Privacy
Are You Missing These 3 Pieces to Your DSAR process?
August 5, 2020
Individuals have the right to access their personal data under GDPR through a process commonly referred to as a DSAR (Data Subject Access Request). Data subjects can make a request verbally or in writing, and the organisation must fulfil that request within a one-month time-frame, otherwise they will not be GDPR compliant and can face severe consequences in the form of fines.
It can be a very complicated and challenging process to defensibly respond to DSARs, especially within large enterprises where having to deal with high volumes of complex or specific requests is normal. What I have observed is that organisations are often missing three important pieces to their DSAR puzzle—parts of the process that are often overlooked perhaps because they are activities that fall under different stakeholders’ remits, or simply due to them being much larger and more difficult areas to address.
Here's what I suggest the three missing pieces are:
- Do you really know your data?
- Can you connect to your data?
- Do all your processes work in concert with each other?
Exterro teamed up with Data Protection World Forum to explore these missing pieces to your DSAR process and how a robust data governance and culture can ensure your organisation successfully fulfils its data subject requests.
Watch the on-demand webinar by clicking here.
Listen to Exterro and leading industry experts on this video replay to explore:
- Why a robust Data Inventory is crucial to your DSAR process foundations
- How technologies should be leveraged to collect, review, redact and delete data defensibly
- Why DSARs must work in concert with other data and privacy practices
- Taking a holistic approach to your Legal GRC objectives