Responding to a Data Subject Access Request (DSAR) can be complex, time consuming and expensive. Egnyte simplifies and speeds the process of finding the personal data collected on any individual throughout your organization’s lifetime, decreasing your cost and enabling you to meet the strict deadline requirements.
A person has the right to know what personal data an organization has collected about them. With Egnyte, you can scan cloud and on-premises repositories to identify the requester’s personal data within various files, e.g. files containing passport number, DOB, name references, email address, etc., and notify the requester when this personal data is available and ready to be dispatched if required.
A person has the right to request and receive all the personal data that a company has collected on them, and obtain a copy of their personal data. With Egnyte, you can find and sanitize the files to make sure that no one else’s personal information is included, get confirmation that the right data is included, and send machine-readable files to the requester.
A person has the right to request that an organization securely erase any personal data collected about them. Egnyte scans cloud and on-premises repositories to find files containing personally identifiable information (PII). You can then delete or modify the files to comply with information security policy template uk If some of the files are protected by a content retention policy, an IT Admin can override it to delete the relevant personal data within them.
Data Subjects have the right to know if your organisation is processing their personal data, and if so, to be provided with a copy of such personal data, along with other supplementary information regarding the nature and scope of the processing. Whilst the latter of which should form part of your data protection policy template /Notices, the provision of copies of personal data can pose its own problems.
It is important that such requests are handled fairly, ensuring that the application of these rights do not undermine other obligations on you, such as preserving the data protection or privacy rights of third parties, preserving any confidential duties, ensuring compliance with law enforcement activity, social work etc. and so on.
The provision of copies of data subjects’ personal data can often create further challenges and questions, such as:
What if their personal data was provided to you in confidence, such as from a confidential informant?
What if their request is going to be time consuming or particularly voluminous?
What if someone else is requesting it on behalf of them?
What if it concerns a child?
What if it contains the names of other staff or staff from other stakeholders?
These, amongst others, are considerations that need to addressed as part of your DSAR response.
This detailed downloadable guide will walk you through the journey of completing a Data Subject Access Request (‘DSAR’). Whilst it is not exhaustive or specifically tailored to your organisation, it is indicative of the general considerations you will be expected to address when dealing with a DSAR response, such as validating a requestor, how to acknowledge a request and how to physically redact information. The guide also includes a handy walkthrough checklist to assist you to complete each gdpr policy template as well as a series of templates to help you construct appropriate responses.
DSARs can be complex by their nature. It is not uncommon for professionals to have a variety of different views on how to approach DSARs (such as when redactions should apply). If you remain unsure, it is important that you seek further advise or guidance from a Data Protection Officer (DPO) or advice from a privacy specialist.
If you would like immediate assistance with a DSAR response, or any other data protection related issue you are facing, please contact us.