eDiscovery
Data Subject Access Requests (DSAR)
CYFOR provides the industry’s leading end-to-end DSAR service, significantly reducing the time it takes to prepare and conduct appropriate responses to Data Subject Access Requests. Backed by advanced customer success programs and the worlds fastest data processing power, CYFOR is the trusted choice for organisations around the world.
Utilising cutting-edge forensic processing software, bespoke DSAR workflows and advanced document review technology, we can efficiently identify, search, filter, redact and provide a focused data set for review. This GDPR compliant workflow is efficient, forward-thinking and cost-effective.
What are Data Subject Access Requests?
Data Subject Access Requests (DSARs) are made by individuals who want to obtain details on the type and extent of personal information an organisation holds about them. Data Subject Access Requests also help individuals understand how, why and when organisations use their data. An individual can submit a DSAR either verbally or in writing and a request can be made to any part of an organisation. A DSAR does not have to be directed to a specific person or point of contact and the recipient must respond to the request within 30 days.
The DSAR Problem
Privacy laws such as the General Data Protection Regulation (GDPR) and the 2020 California Consumer Privacy Act (CCPA) are constantly increasing awareness around personal data protection and individual privacy rights. The demand placed on organisations to comply with such privacy laws is now considerable, and complying is becoming increasingly more difficult, costly and time-consuming.
Data Subject Access Requests are often tactically deployed when there is an ongoing dispute; for example, during an employment tribunal. There has been a significant rise in DSARs since the GDPR, as well as an influx in complaints to the UK’s Information Commissioner Office (ICO) because requests have not been dealt with in the appropriate timescale, or the requested documentation has not been provided at all.
The DSAR Solution
With GDPR in full effect, many organisations are having to adapt by implementing new internal guidelines and procedures, but significantly fewer organisations have explored new assistive technology to deal with Data Subject Access Requests efficiently and effectively. Aside from the internal technological requirements and commercial impact felt when handling DSARs in-house, in our experience, no request is the same, and if completed correctly the process is rarely straightforward.
Subject data is often buried within everyday business communication which is difficult to locate. CYFOR’s advanced online review technology is specifically designed to search, filter and process large volumes of electronic data.
CYFOR’s end-to-end DSAR solution
Respond sooner, reduce risk, and meet obligations with unrivalled visibility into your DSAR data.
The DSAR Journey Timeline
PHASE 1: Consists of two main steps, first, collating all relevant data from our clients’ systems and then, securely transferring the bulk of data to us. Data collation can be done in-house, where our clients choose to find and extract the relevant subject information from their systems themselves. If they require assistance with this, our data protection partners can be instructed to help with finding all information relevant to the request. Once the bulk of data has been collated, it will then need to be sent to us, and this can be done using a number of secure methods. These include secure file transfer protocol (S-FTP), remote data collection or a secure courier service.
PHASE 2: Consists of two steps; firstly, structuring the data to ensure that it is in a searchable format, and secondly, reducing the data size by using the below filtering techniques and search types:
- De-duplication: the removal of duplicate documents.
- Email Threading: providing the single email conversation that starts with an original email and includes all the subsequent replies and forwards pertaining to that original email.
- Date Range: For example; the date relating to the data subject’s employment.
- Key Words: CYFOR can run any word as a search term. For example, HR, Dismissal, Payroll.
- Custodians: CYFOR can search for the data subject’s personal information such as Names, Emails, Home Address, NI and Banking information.
- File Types: CYFOR can search across files and document types such as Emails, Microsoft, Word, Excel, PowerPoint.
PHASE 3: Once the data size has been reduced, it is then uploaded onto our specialist online DSAR platform, which is where the review is done. If any of our clients are unable to carry out the review process themselves, then our data protection partners can be instructed once more. They will use their well-trained and highly skilled team to conduct an accurate review of every page of information, and code/tag the content of each document according to relevance and confidentiality (personalised coding options available). Throughout this stage, our partners will provide daily status updates on the progress of the review, and once complete, the final coded documents will then be re-reviewed for quality assurance.
PHASE 4: Once the review is complete, CYFOR will produce the disclosable documents, ready to deliver to the data subject. Typically, we will produce the documents as non-searchable PDF’s, to ensure all redactions are burnt-in correctly. CYFOR will then upload the documents back onto our Secure File Transfer Protocol (S-FTP) for our clients to download.
Why CYFOR?
Incorporating advanced keyword filtration technology, data analytics and machine learning, our platforms can search across any of your chosen systems allowing us to easily locate, extract, organise, filter, redact and review data from any data source.
Our solution ensures that confidential business information is protected and that only the correct and appropriate information is disclosed.
“CYFOR managed to turn things round in a very short timeframe and had a can-do approach which made the whole DSAR process run smoother.” – Linklaters LLP
- We can recover the information you require within the 30-day deadline;
- Any relevant documents containing legally privileged information can be digitally redacted;
- Easy-to-use platform for the review of documents;
- Specific search keywords can be applied to the data for efficient identification;
- Our experts provide full support throughout the duration.