eDiscovery
Data Subject Access Requests (DSAR)
CYFOR provide an end-to-end solution that streamlines the DSAR compliance process. Our service electronically automates and simplifies the DSAR workflow, which significantly reduces the time it takes to respond to a Data Subject Access Request.
What is a Data Subject Access Request (DSAR)?
A Data Subject Access Request is made by individuals who want to obtain details on the type and extent of personal information an organisation holds about them. DSARs also help individuals understand how, why and when organisations use their data. An individual can submit a DSAR either verbally or in writing and a request can be made to any part of an organisation. A DSAR does not have to be directed to a specific person or point of contact and the recipient must respond to the request within 30 days.
The DSAR Problem…
Privacy laws such as the General Data Protection Regulation (GDPR) and the 2020 California Consumer Privacy Act (CCPA) are constantly increasing awareness around personal data protection and individual privacy rights. The demand placed on organisations to comply with such privacy laws is now considerable, and complying with DSARs is becoming increasingly more difficult, costly and time-consuming.
DSARs are often tactically deployed when there is an ongoing dispute; for example, during an employment tribunal. There has been a significant rise in DSARs since the GDPR, as well as an influx in complaints to the UK’s Information Commissioner Office (ICO) because requests have not been dealt with in the appropriate timescale, or the requested documentation has not been provided at all.
The process of identifying and producing relevant personal data can take huge amounts of time. To comply accurately, the response of a request can require the following:
- Correspondence with the data subject;
- ID verification/validation;
- IT searches for data;
- Review of potentially thousands of documents;
- Redaction or exclusion of information that is privileged;
- Redaction or exclusion of information that relates to third parties;
- Redaction or exclusion of information that falls under an exemption set out in the GDPR;
- The whole process must be completed within 30 days of receipt and verification.
The DSAR Solution…
With GDPR in full effect, many organisations are having to adapt by implementing new internal guidelines and procedures, but significantly fewer organisations have explored new assistive technology to deal with DSARs efficiently and effectively. Aside from the internal technological requirements and commercial impact felt when handling DSARs in-house, in our experience, no request is the same, and if completed correctly the process is rarely straightforward.
Subject data is often buried within everyday business communication which is difficult to locate. CYFOR operate bespoke and customised technology which allow us to easily locate, extract, organise, filter, redact and review data from any data source. Our solution ensures that confidential business information is protected and that only the correct and appropriate information is disclosed.
We have invested in advanced online review technology specifically designed to search, filter and process large volumes of electronic data. Incorporating advanced keyword filtration technology, data analytics and machine learning, our platforms can search across any of your chosen systems to recover the information you require. We can also digitally redact any relevant documents that contain legally privileged information.