DSR automation, the right way.

3 min read | Published: Tue Jan 5 2021
Two years on from the GDPR, businesses should by now be familiar with the concept of Data Subject Access Requests (DSRs) – the basic rights and transparency afforded to consumers with respect to how their data is processed. The GDPR, for example, outlines a number of rights for data subjects, including data portability, access, erasure and rectification. However, businesses may well have less experience when it comes to successfully managing DSRs in a cost-efficient and timely manner (requests must be completed within 15 days for the LGPD, 30 days for the GDPR, and under 45 days for the CCPA). As well as having the necessary infrastructure to allow consumers to submit DSRs, businesses must also, when it comes to the actual handling of requests, be able to first understand and evidence their own data processing activities – the ‘who, what, where, why, when’. Both of these processes – the handling of the DSR and identifying the data – can be laborious, manual and costly without the right Privacy Platform in place. This article will explore some of the processes and tools to ensure best-in-class compliance by automating DSRs to save your business time, effort and money.

Let us begin with a quick overview of a DSAR, also called a Subject Access Request (SAR). Article 15 of the GDPR outlines the basic rights afforded to data subjects with respect to understanding how and why a data controller processes their personal information. Specific details include the purpose of processing, any special categories of personal data, and processing duration and/or retention periods. The controller must also provide clear steps should data subjects wish to rectify, erase, restrict or object to a particular data processing activity.

Knowledge is everything.

Key to providing an efficient and successful DSR management programme is to first understand how data is processed, as well as any relevant contextual information – the ‘who, what, where, why, when’ around your personal data. This includes the data types held, the data subject ID, the purposes and durations of processing, and any additional and relevant contextual metadata. By creating a single source of truth for this Privacy data, businesses not only improve their own understanding of data and their rights to process it, but in doing so simplify any DSR process should customers wish to exercise their rights.

To learn more about how to create a single source of Truth for Privacy, request a demo of Trunomi’s TruPrivacy Platform.

So, how best to provide access to customers?

Trunomi’s ‘My Data Portal’ is purpose-built to enable businesses to provide a self-service, fully branded, customer-facing Portal through which data subjects can submit DSRs, make Consent & Permission opt-in / opt-outs and benefit from greater transparency and control with respect to how their data is processed. As well as providing a consistent customer experience, the Portal can also be embedded into any customer touchpoint (e.g. website or mobile application).

Reduce time and costs: Privacy-driven automation.

Further cost and time savings can be made by converting manual processes into automated workflows. Trunomi enables businesses to configure and trigger automatic, pre-defined processes to automate the fulfilment of Data Subject Access Requests and even trigger the actions taken, e.g. deletion, masking, or archiving of data. As well as driving efficiencies through the automation of DSR fulfilment, Trunomi also automatically produces audit-ready records of DSRs, enabling the business to easily prove the compliant handling and completion of requests to customers and regulators, while meeting its regulatory obligations in a timely manner. Trunomi solves DSRs in the following steps:
  • Populate ‘My Data’ Portals, using patented technology: embed Trunomi’s customer portals anywhere and populate them with relevant, real-time information for your customers on their data and processing.
  • DSR Submission via the Portal: Data subjects submit their requests against specific data sets via the Trunomi ‘My Data Portal’.
  • Automatic Flagging of Data: Following a DSR submission, Trunomi can automatically flag the corresponding data set, whilst also notifying the relevant business stakeholder to take action. Deadlines for handling the DSR (GDPR 30 Days, CCPA 45 Days) can be automatically tracked and monitored.
  • Locate Data using Data Pointers: Trunomi’s patented Data Pointers enable businesses to locate the source location of a data set, in order to take the necessary action.
  • Automated DSR Fulfilment: Pre-defined rules and processes set by your business can ensure the efficient and automatic fulfilment of the DSR.
  • Trunomi Dashboard and Reporting: Trunomi’s Dashboard enables organisations to monitor DSRs and provide a breakdown of metrics to reduce costs and prove compliance.

Crucially, Trunomi is built to wrap around your business’s specific user journeys and workflows, and is fully customisable to help you meet your regulatory requirements with zero disruption to existing data flows and systems.

To learn more about how Trunomi solves Data Subject Access Requests, request a demo at info@trunomi.com.