When a customer wants access to the personal data your company has collected on them, they have the right to submit a DSAR, or data subject access request. Your company must comply promptly. Here’s a quick look at what should happen when your business receives a DSAR.
The process begins when a customer submits a request to access their personal data. Privacy regulations place no restrictions on how or when these requests can be submitted. However, most customers (and companies) prefer that the request be in writing for recordkeeping purposes.
Once the request has been submitted, the company is obligated to respond in a timely and satisfactory manner. The DSAR process consists of these steps:
Companies can appoint a data privacy officer (DPO) to handle DSARs. However, relying on a single person is not a realistic solution for larger companies with lots of data and more than a few dozen DSARs per month. These companies will find more success in a partially or fully automated DSAR response setup. Think of a well-designed DSAR system as a type of business insurance: it reduces potential costs from future complaints and helps protect both your reputation and your customers' reputations.
Remember, regardless of your exact DSAR setup, one principle holds true: document everything. You need to be able to prove that you complied with the law and made a good faith effort at every step of the process.
There’s no one answer to this question because every company handles DSARs differently. Sources of DSAR costs include:
All of these costs hinge upon how many DSARs are submitted in a specific period of time and how long each takes to complete.
A well-designed and fully automated DSAR process offers significant value in the first step of this process. Handing tasks over to a computer program obviously saves money on salaries. But more importantly, an automated setup can reduce your chances of having to deal with legal fees or fines. Lawyers are less often required when the DSAR process runs smoothly. Better yet, handling a request promptly and professionally significantly reduces your risk of facing fines from privacy authorities.
Increasingly privacy-savvy customers place DSAR requests on a fairly regular basis. Fortunately, this doesn’t have to put an unreasonable burden on your privacy team. 4Comply, our signature privacy compliance software, can take the lead and guide your team through the DSAR process. Get in touch today for a demo.
This is an excerpt from our newest white paper, “DSARs: Costs & Solutions”.