eDiscovery
Data Subject Access Requests (DSAR)
CYFOR’s DSAR Compliance Service significantly reduces the time it takes to prepare and conduct appropriate responses to Data Subject Access Requests, improving the accuracy of disclosable information and saving valuable team resource.
Utilising cutting-edge forensic processing software, bespoke DSAR workflows and advanced document review technology, we can efficiently identify, search, filter, redact and provide a focused data set for review. This GDPR compliant workflow is efficient, forward-thinking and cost-effective.
What are Data Subject Access Requests (DSARs)?
Data Subject Access Requests (DSARs) are made by individuals who want to obtain details on the type and extent of personal information an organisation holds about them. Data Subject Access Requests also help individuals understand how, why and when organisations use their data. An individual can submit a DSAR either verbally or in writing and a request can be made to any part of an organisation. A DSAR does not have to be directed to a specific person or point of contact and the recipient must respond to the request within 30 days.
The DSAR Problem…
Privacy laws such as the General Data Protection Regulation (GDPR) and the 2020 California Consumer Privacy Act (CCPA) are constantly increasing awareness around personal data protection and individual privacy rights. The demand placed on organisations to comply with such privacy laws is now considerable, and complying with Data Subject Access Requests is becoming increasingly more difficult, costly and time-consuming.
Data Subject Access Requests are often tactically deployed when there is an ongoing dispute; for example, during an employment tribunal. There has been a significant rise in DSARs since the GDPR, as well as an influx in complaints to the UK’s Information Commissioner Office (ICO) because requests have not been dealt with in the appropriate timescale, or the requested documentation has not been provided at all.
The process of identifying and producing relevant personal data can take huge amounts of time. To comply accurately, the response of a request can require the following:
- Correspondence with the data subject;
- ID verification/validation;
- IT searches for data;
- Review of potentially thousands of documents;
- Redaction or exclusion of information that is privileged;
- Redaction or exclusion of information that relates to third parties;
- Redaction or exclusion of information that falls under an exemption set out in the GDPR;
- The whole process must be completed within 30 days of receipt and verification.
The DSAR Solution…
With GDPR in full effect, many organisations are having to adapt by implementing new internal guidelines and procedures, but significantly fewer organisations have explored new assistive technology to deal with Data Subject Access Requests efficiently and effectively. Aside from the internal technological requirements and commercial impact felt when handling DSARs in-house, in our experience, no request is the same, and if completed correctly the process is rarely straightforward.
Subject data is often buried within everyday business communication which is difficult to locate. CYFOR’s advanced online review technology is specifically designed to search, filter and process large volumes of electronic data.
Incorporating advanced keyword filtration technology, data analytics and machine learning, our platforms can search across any of your chosen systems allowing us to easily locate, extract, organise, filter, redact and review data from any data source. Our solution ensures that confidential business information is protected and that only the correct and appropriate information is disclosed.
- We can recover the information you require within the 30-day deadline;
- Any relevant documents containing legally privileged information can be digitally redacted;
- Easy-to-use platform for the review of documents;
- Specific search keywords can be applied to the data for efficient identification;
- Our experts provide full support throughout the duration.