DSR automation, the right way.
Two years on from the GDPR businesses should by now be familiar with the concept of Data Subject Access Requests (DSRs) – the basic rights and transparency afforded to consumers with respect to how their data is processed. The GDPR, for example, outlines a number of rights for data subjects, including data portability, access, erasure and rectification. However, businesses may well have less experience when it comes to successfully and efficiently managing DRS in a cost-efficient and timely manner (Requests must be completed within 15 days for the LGPD, 30 days for the GDPR, and under 45 days for the CCPA). However, as well as having the necessary infrastructure to allow consumers to submit DSRs, when it comes to the actual handling of requests, businesses must also have the ability to first understand and evidence their own data processing activities – the ‘who, what, where, why, when’. Both of these processes – the handling of the DSR and identifying the data – can be laborious, manual and costly without the right Privacy Platform in place.
This article will explore some of the processes and tools to ensure best-in-class compliance by automating DSRs to save your businesses time, effort and money.
Knowledge is everything.
Key to providing an efficient and successful DSR management programme is to first understand how data is processed, as well as any relevant contextual information – the ‘who, what, where, why, when’ around your personal data. This includes the data types held, the data subject ID, the purposes and durations of processing, and any additional and relevant contextual metadata. By creating a single source of truth for this Privacy data, businesses not only improve their own understanding of data and their rights to process it, but in doing so simplify any DSR process should customers wish to exercise their rights.
To learn more about how to create a single source of Truth for Privacy, request a demo of Trunomi’s TruPrivacy Platform.
So, how best to provide access to customers?
Reduce time and costs: Privacy-driven automation.
- Populate ‘My Data’ Portals, using patented technology: embed Trunomi’s customer portals anywhere and populate them with relevant, real-time information for your customers on their data and processing.
- DSR Submission via the Portal: Data subjects submit their requests against specific data sets via the Trunomi ‘My Data Portal’.
- Automatic Flagging of Data: Following a DSR-submission, Trunomi can automatically flag the corresponding data set, whilst also notifying the relevant business stakeholder to take action. Deadlines for handling the DSR (GDPR 30 Days, CCPA 45 Days) can be automatically tracked and monitored.
- Locate Data using Data Pointers: Trunomi’s patented Data Pointers enable businesses to locate the source location of a data set, in order to take the necessary action.
- Automated DSR Fulfilment: Pre-defined rules and processes set by your businesses can ensure the efficient and automatic fulfilment of the DSR.
- Trunomi Dashboard and Reporting: Trunomi’s Dashboard enables organisations to monitor DSRs and provide a breakdown of metrics to reduce costs and prove compliance.
Crucially, Trunomi is built to wrap around your business’s specific user journeys and workflows, and is fully customisable to help you meet your regulatory requirements with zero-disruption to existing data flows and systems.