When such regulations as GDPR (General Data Protection Regulation) and CCPA (The California Consumer Privacy Act) came into force, people get more understanding of their privacy rights. With the awareness comes actions. Therefore, it means that businesses have a lot of access requests from consumers because everyone wants to know for what purposes their data is collected and how it will be processed. It would be great if the processing of these requests become automatic. In this article, you will learn how you can simplify this process.
What Is DSAR and How to Comply with It?
Data Subject Access Request (DSAR) is a method by which a data subject can ask a business about what their personal information it has and for what purposes it would be used. According to these requests, consumers may ask the business to access, correct, or delete their private information. Moreover, all these requests also deal with third-parties with whom personal information is shared. It means that if a client asks about the deletion of personal data it must be deleted on their side as well. The process of the request of rights should be as simple as possible. For example, you may have a request form on your site or contacts of the department which is responsible for such requests. Moreover, consumers do not have to request their information in writing. They just can ask you something like “what data do you have on me”?
In most cases, consumers request a list of all private information a business has on a client or employee. Sometimes there could be requested only specific details. To understand what can be included in data subject requests you should know what rights have customers and employees. Here are some rights of data subjects they can ask:
- Confirmation that you are processing personal information;
- Access to personal information;
- Categories of data that are processed;
- Information about automated decision-making processes;
- The name of third parties personal information can be shared with.
Remember that consumers should not have any reason to ask DSAR at any time they want. Businesses can only ask about identity verification of the data subject to be sure that there would not be an unintentional data breach.
There are exceptions in situations where a person can submit a DSAR on behalf of another person, for example:
- Request on a child from someone with parental responsibility;
- Request on behalf of the employee or client;
- When data subject asks help from a friend or relative.
Be sure that the third party is truly requesting on behalf of your client or employee. For this purpose, you can ask for additional documents such as birth certificate, power of attorney document, or any other documents that prove the relationship.
Businesses need to fulfill data subject access requests within a limited period of time. For GDPR is 30 days and for CCPA is 45 days. If you can not provide the answer within this timeframe, you need to notify the subject about it as soon as possible with explanations why you can not provide the request in time. Otherwise, you will be non-compliant and you will need to pay huge fines.
One of the most important things when you are sending DSAR is to be sure that there is no piece of personal information about a third person or company. In such cases you can redact information in the request, otherwise, there will be a data breach.
To reduce the risk of the mistake, DSAR should be fulfilled by the experienced person. Usually, it is a DPO (Data Protection Officer). It is good to have a guide with step-by-step instructions in case a DPO will be unavailable, so the process would not be stopped. It can be useful if some part of your employees could know about how to respond to DSAR. Therefore the process may become easier. This practice helps you to make a good image among your consumers, as far as all requests are processed in time.
Automation of DSAR. Why Is It Important?
One of the key moments when you are processing DSAR is to find certain information about the consumer. Personal information may be stored in different places such as cloud storage or on-premises. This process is time-consuming when you need to find all personal information on a certain person manually. After that, you need to compile a report for the consumer. To sum up, the process of DSAR fulfillment is complex. That is why companies are searching for a solution that will help to automatize this process partially or fully.
Businesses can reduce the time that they need to spend on the report with automatic solutions. If the time is reduced, consumers will be satisfied with the speed of providing the report. If you have a satisfied consumer, it will be positively influence the image of your business. You can deal with a huge number of such requests without any delays. Employees do not need to do a manual search and report so you can save their time for important tasks.
Simplify DSAR Process with DataSunrise
DataSunrise has a comprehensive solution that will help you to make DSAR process easier. Our DSAR feature has powerful search and reporting mechanisms that simplify the processing of access requests. You will have the possibility of a secure search for any information you need across your databases. Moreover, the DataSunrise DSAR functionality is easy to use. Take two steps to start:
- Firstly, you need to configure the search parameters based on a data discovery task;
- Then specify the data that you need and initiate the search task.
As a result, you will get a report with the requested data. You have data from the DSAR response and stayed in compliance with such regulations as CCPA and GDPR.
With the DataSunrise DSAR feature, you will be in compliance with regulations such as GDPR, CCPA and more. Be sure that all data subject requests are made with the security standards. Also, you do not need to implement a lot of different tools for processing DSAR, so it saves your budget.
There always should be a person (DPO, for example) who will be responsible for checking and fulfilling the form of the request in the right way. But with the help of the automatic DSAR solution, the time spending on each request will be significantly reduced. You are welcome to try our DSAR solution to see its advantages.