How to handle a data subject access request without looking for a single file!

Blog
A lot has happened since the GDPR first took effect. Corporate focus on compliance is increasing, but one main issue is still salient for a lot of organizations: compliance can be time-consuming, labor-intensive, and even costly. But it doesn’t have to be. Let’s explain.
Table of Contents

TL;DR

As new privacy laws proliferate and awareness increases, a growing number of individuals will exercise their data privacy rights.

Precedent states that organizations cannot reject data subject access requests (DSARs) on the basis of not having the requisite tools, time or capabilities to comply.

AI-driven and purpose-built automation tools make it possible for organizations to comply with DSARs automatically, without having to spend hours looking for the files.

The state of Data Subject Access Requests

More than four years have now passed since the GDPR officially came into effect on May 25, 2018.

A lot has happened since then.

Many are now at a place on their compliance journey where they have written policies, formulated procedures, and they have put in place the processes that had to be put in place.

But the journey isn’t even close to being over.

What an increasing number of businesses are realizing, is that the procedures and processes need constant revision.

When it comes to responding to, and complying with DSARs, most businesses still rely on manual processes to find personally identifiable information.

That works perfectly fine for some, but not for most.

And why is that?

Consider the amount of work that is associated with complying with a DSAR.

You must look through every single file, across every company system, to determine if it contains personally identifiable information about the data subject exercising their right of access.

If it does, you ought to take note in an Excel sheet to document where the file is, what the file name is, when it was last modified, what categories of personal data it contains, for which purposes it is being processed, and so forth.

Imagine doing that for millions of files, while trying to coordinate with other departments doing the same thing.

Not a particularly fun task, is it?

Can I continue to manage DSARs manually?

If you wish to do so, no one can stop you.

But it’s not recommended.

GDPR is just one of multiple data privacy laws. You also have CCPA, LGPD, and more are coming.

As new data privacy laws proliferate around the world, awareness will increase, and consequently result in a rising number of individuals who will exercise their data privacy rights.

So, in short, you can certainly expect to receive a rapidly increasing number of data subject access requests in the near future.

This makes reliance on manual processes highly unsustainable if you wish to be considered a data ethical organization, and a responsible custodian of personal data.

How can automation help me comply with DSARs?

Imagine 200 cardboard moving boxes in front of you; all filled to the brim with pictures, old letters, and documents.

Now imagine you are tasked with finding that one letter you sent from a summer holiday ten years ago – and you don’t know which box it lies in.

You must look through every letter in each box.

Let’s assume there is an average of 100 letters in each box, meaning you must look through 20,000 letters.

The odds of you finding that one letter on your first try is less than 0.006%.

You might get lucky and find it instantly. Statistically speaking, that is very unlikely.

Sure, you can have as many tries as you’d like, and eventually, you will find the letter. But think about the time and effort that goes into looking through everything.

Although DSARs generally don’t relate to cardboard moving boxes, the concept is the same – except it is digital, and the scale is significantly larger.

Data Discovery and the GDPR - what is personal data?

How does this relate to automation?

If you had the option to simply click one button and automatically find and retrieve that one letter instantly, wouldn’t you prefer that?

That would be an option with a purpose-built DSAR automation tool like Data Subject Request by Cookie Information.

It allows you to automate the entire DSAR process from intake to completion, ensuring reliable, scalable, and sustainable compliance.

So I won't have to spend time looking through files?

That is correct.

Data Subject Request by Cookie Information seamlessly connects and integrates with the systems you use, e.g. Google Suite, Slack, Dropbox, Microsoft, CRMs, and databases.

Through intelligent machine-learning models, the software identifies all relevant PII pertaining to the data subject, without you having to look at a single file.

Lean back and watch your new DSAR automation tool ensure compliance, with any given data subject access request, effortlessly!

What are the benefits of automating data subject access requests?

A radical reduction in costs associated with responding to DSARs.

By automating the process from start to finish, you help your organization and colleagues alleviate the pain of time-consuming work by letting the software do the heavy lifting.

AI data mapping to find personal data across systems

Are there security gains in using Data Subject Request by Cookie Information?

Yes, absolutely.

Instead of burdening multiple departments with the task of identifying PII and sending it to whoever is assigned to be the lead of the given DSAR, you collect everything in one single platform.

What often happens in the first scenario, is that people send all sorts of personal data to each other.

By accumulating personal data, you risk wrongfully exposing it. That can be fully avoided by having it all gathered in one place, so departments don’t have to send, share or modify access permissions.

Also, expecting one person to be able to manage everything is beyond unrealistic, particularly if the reliance is on manual workflows.

Automate your way to DSAR compliance!

Data Subject Request by Cookie Information, helps you to automate your intake and fulfillment of DSARs, so you don’t ever have to spend time looking for a single file.

Adopting a purpose-built automation tool improves transparency, enabling you to easily track all requests and prioritize resources appropriately.

It helps you discover and retrieve relevant personally identifiable information whilst simultaneously preserving its integrity.

This makes compliance a piece of cake – it prevents financial and compliance risks, without undue delay.

Data Subject Request

Respond to a Data Subject Request within the required 1-month period without going through thousands of files and folders yourself. Automate your DSR processes.