Explaining Data Subject Access Requests — DSARs

Cole Pruden

DSAR, PII, Right of Access

As a company owner in the 21st century, simply staying up-to-date on data compliance regulations will no longer cut it. Especially since the introduction of the GDPR in Europe, people have grown more interested in protecting their private information than ever before. So, when the time comes and one of your employees or customers makes a data subject access request, known as a DSAR, what do you do?

What Is a DSAR?

Under the Data Protection Act 1998, everyone has the right to make a data subject access request, or DSAR. The company’s job is then to send a copy of the information it keeps on that person. Of course, DSARs aren’t something completely new, but awareness of the right to make a request, as well as the desire to do so, has risen since the GDPR went into effect.

Not only have internet users and company employees, as well as pretty much everyone else online, become more aware of their DSAR rights, but they’ve also become more concerned. There are many reasons for this concern plastered all over our newsfeeds. In fact, there’s a very high chance that all of our personal data has already been stolen or lost by the likes of Facebook, Equifax, and even LinkedIn, just to name a few.

[Figure: Global number of cyber incidents, 2004-2023]

Source: IMF Global Financial Stability Report, April 2024, Chapter 3

Common DSAR Sources

This may come as a surprise, but the vast majority of DSARs are filed by employees.

[Figure: DSARs chart]

Source: Privacy Engine

As shown above, two-thirds of all DSARs are made by employees. This is typically the result of a dispute with their employer, where the employee believes there is information in their performance reviews, emails, and other internal documents that could help prove their case.

The remaining DSARs come from other sources, including customers. Companies that have recently suffered a high-profile data breach can expect to receive a sudden influx of DSARs from newly concerned customers.

DSAR Requirements

As a company owner, your concern is more with receiving DSARs than with issuing them yourself. The process of receiving one may be easier than you think. Say you run a business online that stores your customers’ personal information to any degree. That could be as simple as storing names and addresses to speed up their future purchases, or as far as recording race, marital status, bank information, health records, etc.

[Figure: Screenshot of personal data analytics in PII Tools. Source: PII Tools]

Your number one priority is obtaining consent from your customers/employees to store this information, and then ensuring it lives in the correct regulation-compliant areas (depending on where you do business, you may need to adhere to GDPR, HIPAA, CCPA, LGPD, etc.). Just because you’ve done this, however, doesn’t mean you won’t receive a DSAR.

For whatever reason, one of your customers or employees has sent you a DSAR. All they need to do is send you, or the relevant department, an email, a letter, or even a tweet requesting a copy of all the information you hold on them.

Now comes the hard part (or the easy part, if you have the right tools). Out of millions of pieces of data you store, how can you round up this individual customer’s sensitive data and send it to them in the most cost-effective way possible?

Data Discovery Tools Streamline DSARs

Assuming you don’t have the time to scrub through thousands of folders and millions of files, emails, and database records, your best option is turning to PII Tools. When used by an auditing professional or data protection officer (DPO), PII Tools’ self-hosted software can do everything from discovering sensitive data across all your platforms, to protecting you from suffering your own breach incident.


Of course, that isn’t all. To make DSAR compliance as pain-free as possible, PII Tools software can instantly find all the data related to a specific entity held in any of your storage locations. Then, using PII Tools’ unique Analytics, you can filter and search for all the information you store related to whoever sent you the DSAR.

This technology takes all of the headaches and time-wasting out of DSAR compliance. Your customers are sure to appreciate the quick response with their sensitive data, and you’ll appreciate having taken care of the issue as soon as possible. And just in case you’re worried PII Tools won’t be able to identify the specific types of data your company stores, just remember its software even goes as far as utilizing built-in OCR to analyze scanned or rotated documents and images.

[Figure: An example of tuned PDF and OCR by PII Tools. Source: PII Tools]

A Pain-Free DSAR Experience

This new online business world can leave a lot of people feeling confused, especially with all the DSAR, SRR, SAR, GDPR, etc., acronyms not making it any easier. Luckily, there are experienced companies in the field, such as PII Tools, offering one-stop solutions to guide you through the maze of storing personal data.

Make handling DSARs one of the easiest (and fastest) tasks your DPO has to deal with. Gone are the days of manually searching for every piece of sensitive data you may or may not have stored on any given individual. And the best part? With PII Tools, you can then simply delete, quarantine, or remediate any personal information requested by your customers/employees.
