Data Subject Access Requests
Efficiently and effectively manage data subject access requests and consolidate all consumer requests into one centralised portal.
Meet the requirements of regulations like The GDPR and CCPA with a centralised solution for managing data subject access requests. Easily manage and process requests from multiple regions and deliver personal information effectively to your data subjects.
The GDPR & CCPA grants individuals the right to access their personal information from organisations so they can understand what data the organisation holds and how it’s used, for lawful processing. (Article 15 The GDPR ‘Data controllers to confirm to Data subjects whether they are processing their personal data.’)
A request to access personal information is known commonly as a DSAR. (Data Subject Access Request.)
An individual can make a data subject access request to you verbally or in writing. It can also be made to any part of your organisation (including by social media) and does not have to be to a specific person or contact point.
An individual is only entitled to their own personal data, and not to information relating to other people.
What has changed?
Data Subject Access Requests aren’t a new requirement for organisations, however, regulations like The GDPR have introduced some changes that make responding to them more challenging for organisations.
- Organisations operating under The GDPR and CCPA are no longer entitled to charge a fee for processing a request of personal information. (Organisations are entitled to charge a reasonable administrative fee for additional copies requested by the data subject, or if requests are excessive.)
- Organisations operating under The GDPR and CCPA now have a shorter period of time to respond to requests for personal information. The GDPR (30 days) and CCPA (45 days)
Failure to respond to a Data Subject Access Request within the regulatory timeframe can expose organisations to the higher level of administrative fines: 20 million euros or up to 4% of annual global turnover, whichever is the greater amount under The GDPR and $7500 for intentional violations of CCPA.
Individuals have the right to obtain the following information from you:
- The purposes of your processing;
- The categories of personal data concerned;
- The recipients or categories of a recipient you disclose the personal data to;
- Your retention period for storing the personal data or, where this is not possible, your criteria for determining how long you will store it;
- The existence of their right to request rectification, erasure or restriction or to object to such processing;
- The right to lodge a complaint with the ICO or another supervisory authority;
- Information about the source of the data, where it was not obtained directly from the individual;
- The existence of automated decision-making (including profiling); and
- The safeguards you provide if you transfer personal data to a third country or international organisation.
Managing and fulfilling Data Subject Access Requests can be an administrative nightmare for data controllers. Often enterprises have various databases, systems and platforms that they use to hold personal data. Finding this data within the certain allocated timeframe, dependent on region, can be challenging for an organisation to fulfil. Requesting information from the multiple departments, then being notified when this information has been sent and being able to decline/accept this information for processing this request outside of a central platform, is challenging for the most competent data controller.
Gain control of DSARs, by having one platform that allows you to have a full view of all data subject access requests.
Regulation is constantly changing, and this can cause challenges for organisations. Those operating in multiple regions, will need to comply with multiple legislations. Regulation is based on where the data subject is located, not necessarily where your operation is based. As an organisation you will need to be able to manage Data Subject Access Requests of subjects located in different regions and comply with the right of access timeframes. Legislations i.e. The GDPR (30 days) and CCPA (45 days) both have different timeframes for processing requests. This can become challenging when new regional regulations are introduced as well as when current legislations change.
Having one central platform for managing all DSARs is an efficient and effective way to manage and process global data requests.
Consumers are becoming more aware of how their data is being used and ultimately how valuable it is. As consumers become more aware, there is likely to be an increase in Data Subject Access Requests which could impact business operations as well as cause an unnecessary drain on resources. The organisations that are ethical, responsible and accountable for their data subject’s personal information are the organisations who are likely to differentiate their brand from the competition, especially over the next 12-18 months as more regulations i.e. CCPA, ePrivacy, come to fruition.
Providing data subjects with direct access to their personal data through a portal could reduce the volume of requests for access.Public Portal
Our solution prepares your organisation to effectively manage, process and deliver on the data requests that you receive, through one central, secure platform
Consolidating Data Subject Access Requests into one central platform enables you as an organisation to have complete control of the process from the initial request being raised to delivering a copy of the personal information to the data subject. Fully auditable and compliant with regulations such as The GDPR and CCPA, our solution allows for complete internal and external transparency of the DSARs process.
‘Ability to track, review, reopen and approve the requests through one central secure platform.’
- Secured Information - Only accessible via secure links and access codes, allowing for management control.
- Centralised Requests - One central platform for managing all SARs request, no matter what region the subject is from.
- Clear Communications - Real time notifications for clear communications on the request both internally & externally.
- Consumer Transparency - Data subjects can track the progress of their request for complete transparency.
- Fully Auditable - Users are given unique ID’s for full trackability of what information has been added to the request.
- Enhanced Reporting - An interactive dashboard for full reporting on requests per region, requests in progress and requests completed.
Cassie & DSARs
There will always be a requirement for your organisation to respond, effectively to a DSARs, unless regulation changes, however, providing data subjects with direct access to their personal information through a secure platform, will remove the volume of requests your organisation receives.
Enhance your DSARs process by introducing Cassie’s Public Portal which will enable your data subjects to change, update and manage their personal information, as well as have control and choice over their communication preferences.Meet Cassie
Syrenis software is trusted by and powers leading enterprises and governments across the globe