Consumers are becoming increasingly aware of the data that the organizations they interact with hold about them and, quite rightly, they expect that data to be managed in a responsible way.
This awareness is leading to an increased number of Data Subject Requests (DSARs) or Data Access Security Requests (DASRs) being received from individuals. It raises the question of how prepared organizations are in dealing with these requests, which are only likely to increase as consumers become more data conscious.
A Webinar hosted by BSI in October, ‘The cost of DSRs: How to manage and anticipate data subject requests’ provided some really useful guidance and advice for organizations to sharpen up their act in how they respond.
BSI co-presenters Inés Rubio, Head of Information Management and Incident Response, and Conor Hogan, Senior Information Governance Manager, covered some of the core principles that organizations should take on board. They also highlighted some of the risks of not being properly prepared to comply with requests.
Organizations need first of all to be aware that individuals have a fundamental right of access to data held about them. Data privacy and access to data is a really strong element of data protection and privacy laws around the world, with legislation such as GDPR Policy Template UK.
Requests come under three general headings; providing someone with a copy of data held about them; deleting data; and updating or changing data, for example, to make it more accurate.
Data Privacy Policy and Security Policy
Data is enormously valuable and strong data protection policy Template is essential to maintain the right to privacy. We believe that data collection and data processing activities should be conducted in accordance with the human rights principle of ‘doing no harm’. The respect and protection of personal identity is central to human dignity and human rights. Today, personal data privacy is an intrinsic human right and we respect fundamental human rights in data management. We believe that personal data could be processed without violating human rights.
Everyone has the right to protect their personal data. Such data must be processed fairly for specified purposes and on the basis of the gdpr cookie consent of the person concerned or some other legitimate basis laid down by law and guarantees that everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
Rights of Data Subject
You are entitled to:
Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
Request a rectification of your personal data: this right entitles you to have your personal data be corrected if it is inaccurate or incomplete.
Object to the processing of your personal data: this right entitles you to request that we no longer process your personal data.
Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
Policy Statement
We protect your personal data in accordance with applicable laws and our EU representative policies. In addition, we maintain the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure, or access, or accidental or unlawful destruction of or damage thereto.
We receive requests from employees, customers, suppliers, business contacts, shareholders and website users who request required information from Vakrangee via e-mail, over the telephone, or via email or in a person.