Effectively responding to Data Subject Request Management (DSAR) as required by regulations such as GDPR or the CCPA requires a complete solution that covers the entire process:
Dynamic Consumer/Requestor Portal – including ability to automatically verify identification of the requestor
Process Orchestration/Workflow
Ability to find, collect, review, redact and fulfill the request
Harmonization with Legal Hold and Regulatory Retention Obligations
Centralise and standardise how requests are managed
Demonstrate GDPR compliant subject access request management
Reduce the cost and administrative burden of manual processes
Generate operational efficiencies
Accelerate the time from request receipt to fulfilment
Ensure a positive customer/requester experience
Send files of any size - reduce costs e.g. USBs
Full audit and compliance reporting
Efficiently and effectively manage Data Subject Access Requests and consolidate all consumer requests into one centralised portal.
Meet the requirements of regulations like The GDPR Policy Template and CCPA with a centralised solution for managing Data Subject Access Requests. Easily manage and process requests from multiple regions and deliver personal information effectively to your data subjects.
For example, operating under The GDPR and CCPA, there is no longer a charge fee for processing a request of personal information. Organisations are entitled to charge a reasonable administrative fee for additional copies requested by the data subject, or if requests are excessive. There is also now have a shorter period of time to respond to requests for personal information, for example; The GDPR (30 days) and CCPA (45 days).
Data subjects’ are becoming more aware of how their data is being used and ultimately how valuable it is. As data subjects’ become more aware, there is likely to be an increase in DSARs which could impact information security policy for small business operations as well as cause an unnecessary drain on resources. Organisations that are ethical, responsible and accountable for their data subjects’ personal information will be more likely to differentiate their brand from the competition. Providing data subjects’ with direct access to their personal data through a portal should reduce the volume of requests for access.
Privacy regulations like the GDPR, CCPA, and LGPD mandate that organizations must be able to provide personal information collected on consumers when requested. Due to variations in country laws, responding to requests can be complicated and time-consuming for businesses.
TrustArc Individual Rights Manager scales with your business and automates the data subject request lifecycle. With the ability to configure automated workflows, combined with our unique privacy intelligence solution, organizations can dynamically assess requests and securely deliver accurate responses, all within the required regulatory timeline.
This form applies to EU subjects under General Data Protection Regulation. All data access requests should include the completed form along with all the signatures and supporting documentation. Incomplete requests are not honored. Forward all requests to University of Alaska - Data Protection Officer.
GDPR Subject Rights
Data subjects have, among other rights, the right to access PII held by organizations; to understand how it is processed and to whom it is disclosed; and to request correction or erasure of PII (under certain circumstances). Click here to access Subject Data Access Request Form
UA follows the steps below;
Step 1: Data subject requests access to, rectify or erase PII
Step 2: Data Privacy & Compliance Officer (DPCO) team verifies subject identity
Step 3: After data subject validation, subject access request is provided to Records Managers for execution to locate records
Step 4: DPCO and Records Managers access, review and produce data to subjects.
When it came into force in May 2018, the EU’s GDPR was hailed as giving individuals greater control of their data Protection impact assessment. As such, Subject Access Requests (SARs) were updated to become Data Subject Access Requests (DSARs), with new requirements designed to make it easier for individuals to access information that organisations held about them; organisations could no longer charge a fee for DSARs and responses would have to be made within 30 days instead of 40 days. Unfortunately, it has been shown that some organisations are woefully underprepared for the number of requests they have received and are struggling to respond within the legislated timeframe.
Finding and collating all the relevant information about an individual, then responding by sending them their data, deleting it, or both, all within 30 days is a considerable task. This is made all the more complicated by the fact that many organisations are holding onto information about the individual that they no longer need to be.
The Varonis 2019 Global GDPR training Risk Report found that nearly nine out of 10 companies had more than 1,000 stale sensitive files, while seven out of 10 had over 5,000. These are files that could contain information pertaining to a specific individual, but are no longer in use. This has two clear drawbacks for those trying to track down information. The first is that this presents hundreds, if not thousands, of extra files that have to be trawled through, adding a time burden to what is already a tight deadline. The second is that those doing the searching might not be aware of this information, or if they are, it could be so old that it does not conform with the organisation’s current naming conventions, making it more difficult to search.
If you don’t have a well-built process to deal with Subject Access Rights (SRR, DSARs), it can turn into a nightmare. Save your business from risk, unnecessary costs and resources wasted with our DSAR Ticketing System.
DSAR Ticketing System allows for an easy, automated response to DSARs. Connect an API from your organization to our system, and DSAR Ticketing System will give the customer all they need within minutes. This saves an enormous headache for your company and eliminates risk to your company.