Data Subject Access Requests (DSARs), the four words that were striking fear into the hearts of even the most prepared and seemingly compliant of organisations ever since the General Data Protection Regulation (GDPR) was enacted in 2016 and then came into force in the UK in May 2018, through the Data Protection Act (DPA) 2018.
The GDPR represents the most significant shift in privacy laws for a generation. Individual data subjects, whether they be a member of the public or an employee, now have considerably extended rights under the new DPA and the GDPR.
For most, the deluge of DSARs flooding into inboxes after May 25th didn’t quite happen, but many organisations are reporting a significant increase in DSARs and this is only likely to increase as public awareness grows. Let’s examine six key things that organisations need to consider when implementing or reviewing their DSAR process:
Don’t get over excited though, a note of caution. The ICO is very clear on discouraging organisations from introducing barriers or obstructions to complying with DSARs.
So, in reality what does all of this mean for your organisation? The most important thing is ensuring that you have a robust and efficient DSAR process in place, such that your organisation is not merely reactionary but precautionary.
The DPO Centre provides outsourced Data Protection Officers who deal with these types of requests on a daily basis and can therefore work with you to help understand your data and where it is located, design your process, policies & procedures and prepare you for all eventualities.
For further information on DSARs or any other compliance matter, please contact us