Confidently comply with every DSAR (Data Subject Access Request)
Privacy regulations like GDPR and CCPA aren’t going away. In fact, there are more than 20 other states working on their own version of the CCPA. Not to mention, any company doing business with a California resident will be affected when CCPA becomes actionable on July 1, 2020. At that time the California Attorney General will focus on data violations.
These privacy and compliance regulations specify deadlines for responding to a DSAR (e.g. CCPA is 45 calendar days). If you don’t know where your data is, 45 days is not much time to search all systems that may contain subject data.
Trust an expert to help fulfill and manage your subject access requests
Integro is a 25-year veteran at helping companies understand and gain control over their data. We’re also an independent consultancy, which means we can bring business analysts, technology specialists, and training experts for an end-to-end approach to address your business challenges and objectives. Specifically, when it comes to managing subject access requests, we recommend and can guide you through the following key steps:
Step 1: Complete a data inventory
You’ll eventually start receiving subject access requests from individuals who want to know what information you have about them, how you’re using it, and if it should be deleted. To fulfill subject access requests in a timely manner, you need to know where your data is and who has access to it.
That’s why we begin with a data inventory (data mapping) exercise. Integro will help you find where personal information is being stored (e.g., in systems such as Salesforce), what data is in there, and how it is being used. The end deliverable will be a detailed data map that will guide your DSAR process.
We’ll also help you automate your assessment process to keep your data map up to date.
Step 2: Establish subject access request processes
Integro’s privacy experts will work with you to establish processes that satisfy data subject access request requirements and meet your legal team’s expectations. This includes workflows for proper requestor verification and what should be included in the reply.
Step 3: Implement technology and automation to manage subject access requests
Integro will help you architect and implement a process that includes technology and automation to collect, service, respond to, and report on subject access requests. This technology includes dashboards summarizing your data sources, processing activities, and DSAR status. Dashboard widgets are customizable. Graphical reports are available that clearly show the geolocation of your data. In addition, report templates speed your ability to comply with record-keeping requirements such as reporting on all processing activities for the GDPR.
Step 4: Training
Integro’s privacy training experts will train your employees on their privacy responsibilities and the subject access request process. Training programs are a requirement in some privacy regulations such as GDPR. It’s essential that employees be well aware of their responsibilities in order to maintain long-term data privacy compliance.