A Major Milestone for Osano...and the Industry
When we founded Osano, our goals were ambitious. We wanted to...Read Now
December 9, 2022
With more and more data privacy laws coming into effect with some form of subject rights as part of their regulation, companies need help processing data subject access requests (DSAR) now more than ever.
But receiving, responding to, and managing DSARs is easier said than done. When you process data from millions of people, a DSAR can feel like a daunting task. Luckily, there are ways to make handling these requests simpler.
In this article, we’ll cover the features of DSAR software and platforms and what organizations need to know to find the best one for their company.
The first step in exercising these rights is submitting a DSAR. Upon receiving such a request, organizations must respond as soon as possible by providing the person access to their personal data.
There are two exemptions:
Before discussing DSAR software options, let’s take a quick look at the steps needed in an ideal access request.
This is where a DSAR platform can help. We'll start reviewing the software options by discussing what organizations have used in the past and what's available to them now.
Now that you know what a DSAR is and what the process of responding to one could look like, it’s time to discuss DSAR software. When it comes to DSAR software, you have three options: using pre-existing tools( like spreadsheets and email), building your own solution, or buying one.
For many companies, their first foray into responding to DSARs is using tools they already have—like email for getting the initial request and communicating with data subjects and spreadsheets for tracking the request and tracking down the data itself. There are a lot of problems with this solution:
So, if you’re not using your pre-existing tools, what’s next? Building your own may sound like an affordable, more attractive alternative. You know your processes, and your company, so why not build an in-house DSAR platform that answers all of the issues listed above?
This option has its downsides. Firstly, you’ll need an entire team to build the product. You'll need IT and data specialists who can connect your new software to all of the available databases your company currently uses, as well as lawyers or privacy analysts who know the ins and outs of all the laws you need to comply with. Software built in-house will also need ongoing maintenance, not just from a functional point of view, but also to keep up with any legal changes.
In other words, building your own software isn’t always the best, the easiest, or even the cheapest solution.
A DSAR automation solution can save you a lot of trouble. Privacy management companies are focused on helping you stay compliant. They’ll be faster at keeping up with legal changes and usually, updates are included in the price.
But not every DSAR solution looks the same. There are a few features you should look for, such as:
The data subject access request software you choose can make up the difference between a successful process and one prone to errors (which put you at risk of being out of compliance). Here are some things you’ll need to remember as you consider the right software.
It may be tempting to think that once you have your DSAR software, it will do all the work for you. Yes, a good platform can automate a lot of processes and make things easier. But it can’t replace people altogether.
You should never give 100% control over the DSAR process. Try to keep an eye on things like verification, approval, and denial of requests and other places where human intervention may be necessary to ensure people can exercise their rights. Accidentally denying a DSAR might cost you millions of dollars, so don’t let your software make all the decisions.
A common mistake when using DSAR automation is failing to aggregate all the personal data you collect. So before using such a solution, take time to look at all the places where you store data and tie them in with your software.
Reading the previous two sections, you might start wondering if automation is worth it to begin with. Blindly relying on a DSAR platform can set you up for failure. But so can trying to do everything manually.
DSARs can be time-consuming. Finding a tool that can automate processes like taking requests, doing basic validation, acknowledging the request, and responding to basic access requests will be a real lifesaver.
It will make the process smoother and give you and your team time and space to focus on the more difficult part of the process: ensuring all data subjects can exercise their rights.
Under many regulations, such as the GDPR, allowing users to opt-out of things like profiling and automated decision-making is a must.
This can be one of the most challenging aspects of a DSAR. So as you’re setting up your privacy platform ask yourself—do potential or current customers have the option to opt-out of certain data processing activities? If the answer is no, you have some work to do.
DSARs allow people to exercise their rights to access, information, deletion, portability, and more. Any person can submit an access request at any time. Upon receiving a DSAR, an organization needs to respond as quickly as possible.
The DSAR process can seem difficult, but it doesn’t have to be. DSAR software can help you automate most of it and help you stay compliant with regulations worldwide by allowing data subjects to exercise their rights.
While DSAR solutions don’t replace human intervention, they allow you to focus on the most difficult parts of the process.
Osano’s unified Data Discovery and Subject Rights platform will help you automate data subject rights requests. Users can easily submit their requests while offering a simple way for you to verify their identity. Our DSAR software can also assign tasks to the appropriate people, and deliver all the results in the required timeframe. Sign up for a demo today.
If a customer asked for all the data your company has on them today, would you know what to do? Our ebook can help!Download Now
The Osano staff is a diverse team of free thinkers who enjoy working as part of a distributed team with the common goal of working to make a more transparent internet. Occasionally, the team writes under the pen name of our mascot, “Penny, the Privacy Pro.”