Once implemented, a DSAR (data subject access request) system can take several forms. Let’s look at the four most common: fully manual, workflow-driven manual, hybrid workflow, and fully automated.
Privacy Team: Fully Manual
The first implementation option we’ll look at excludes automation altogether. Every step of the process, from the initial form submission to the final provision of data, is conducted by a human.
The most obvious advantage of a fully manual DSAR setup is its relative simplicity. There’s no need to write code, program certain actions, or deal with software much beyond the request form and emails. It also doesn’t inherently require a huge team of privacy managers, instead centralizing the work on a single person or small group of people. A small business with a low number of DSARs may be able to get by with a manual system.
While centralizing tasks on one person or a small team can provide some benefits, there are also downsides to this approach. For instance, employees may experience issues like sickness, existing workloads and priorities, or turnover, which can negatively impact their work. Unfortunately, DSARs will continue to arrive regardless of any problems within the privacy team. In such circumstances, mistakes are more likely to occur, with new DSARs arriving and old ones approaching their deadlines. Since a fully manual process can be challenging to track, it may also be difficult to identify where the errors occurred.
Centrally Managed Workflow with Manual Processing
Another approach to managing DSARs involves using software to manage the workflow, but without integrations with other systems. This approach provides an excellent opportunity for companies to improve on a fully manual system by adding some additional capabilities. This can be particularly beneficial for companies that do not have the resources or time to build a fully integrated program right away.
As with any DSAR, the first step is for the customer to submit a request form. This submission triggers the system to notify a person or persons to start working on the request. This method is often referred to as “Human in the Loop” as it combines automation and people seamlessly. The person then completes the request, either on their own or by delegating tasks to others, such as gathering and returning the data, and notifies the system when the task is complete. Partially automating the DSAR approach can help speed up the entire process, reducing the time the customer waits to receive their data to between a few days and a few weeks. From the company’s perspective, the inclusion of a managed workflow ensures that every step is fully tracked and auditable.
The downside of this approach is that people must still perform much of the work. While the workflow can route the request to the appropriate person, that person must still carry it out. This reliance on manual work also increases the potential for errors and delays.
Fully Automated System
A fully automated and integrated solution offers numerous benefits. Firstly, automation reduces the time and effort required for manual data processing, resulting in faster response times, improved compliance, and enhanced customer satisfaction. Secondly, automation can lead to significant cost savings by reducing the need for manual processing and minimizing the risk of errors. Thirdly, automated solutions ensure accuracy and consistency in processing DSARs, enhancing the reliability of results. Fourthly, automation can scale to process large volumes of requests, ensuring that businesses can manage requests effectively and efficiently as their volume grows.
The downside of this approach is the time and resources required to fully integrate systems. Some systems may be old and difficult to integrate with, or may be scheduled for retirement with replacements that won’t be available until later.
Hybrid Solution Combining Integration & Humans in the Loop
A hybrid solution combines the advantages of system integration and human involvement, allowing companies to choose which steps of the DSAR process are automated and which are best handled by human intervention. This approach allows for more efficient processing of requests, reduces costs, and minimizes errors. It also provides the flexibility to involve human experts in steps that are difficult or costly to automate.
A hybrid approach is a powerful solution that leverages the strengths of both a centrally managed workflow with manual processing and system integration. It gives companies the flexibility to tailor the solution to their needs while maintaining a high level of efficiency and compliance.
4Comply: Automated Rights Fulfillment & Data Requests Management
Our signature privacy compliance software, 4Comply, is designed to be easily integrated with any system your company may already be using to store personal information. It can also be configured to support workflow-focused manual processing by humans, a hybrid solution of system integration and manual processing, or a fully integrated system. The degree of integration depends entirely on your company’s schedule and resources to build your ideal solution.
This is an excerpt from our newest white paper, “Data Subject Access Requests: Costs & Solutions”.