Does your company receive a lot of data subject access requests (DSARs)? Perhaps you’ve heard the phrase thrown around but don’t know what it really means and how to deal with it effectively. Data subject access requests have been around for some time, yet many companies are unsure about their obligations when receiving them – or even how to respond. DSARs are an important right provided to individuals under the General Data Protection Regulation (GDPR) as they allow someone to find out what data an organisation holds on them and what is its purpose.
It’s essential that organisations take these requests seriously and understand how to handle them correctly. If you’ve heard the phrase “DSAR,” or but don’t know about Data Subject Requests or how to respond to one, you’re not alone. In this article, we will explain what a DSAR is, the steps organisations need to take if they receive one, and the implications if any request is ignored or incorrectly handled.
Understand What Is Included in a DSARs
A DSAR covers any personal data that should be held about an individual. This includes anything from name and address, IP addresses, digital artwork files, phone numbers, financial information – even voice recordings and CCTV footage. It is important to understand what is required with a DSAR request in order to comply with GDPR regulations properly.
Collect Information About the Person Making the Request
When responding to a DSAR request, it is important to collect information that identifies the person making the request and confirm their eligibility for access rights under GDPR regulations. Some common pieces of information used for this include date of birth, address and photo identification, as well as proof of address such as utility bills or bank statements.
Gather Any Relevant Data
Once you are satisfied with identifying information about the person making the request, it’s time to locate and gather any relevant data that is covered under the scope of their request. Depending on the nature of your organization, this could include customer databases, CRM systems or backend software systems like HR databases or managed applications logs. It may also be necessary to review metadata alongside documents itself if requested by an individual during their DSAR process.
Review & Analyze Your Findings
Once all information has been found and gathered, its best practice for organizations or businesses to do one last review before sending out results back to an individual so that only relevant data points associated back with them are returned rather than anything else that was collected by accident during searching activities when fulfilling a DSAR request. This is known as analysing customer intelligence which means taking into account factors including but not limited to how old certain datasets were compared against newer ones, whether they refer directly back to someone who made those requests, any duplicates that might already exist due to analyse past searches, etc.
Upload & Transfer Results Back
Once the analysis has been completed, it’s time to upload all results back in an understandable form (HTML, XML) either via secure file transfer protocol (FTP) onto something like Google Drive/docs where people have specified prior arrangements before receiving their generated reports based upon format choice.
