Data Subject Access Requests (DSARs) were first introduced in 1998, and digital technology has made requesting them easier over time. But it’s no perfect science.
In short, companies and organisations of all sizes need to know what they are, and what to do if you receive a DSAR. The problem is that incoming DSARs can become a hot potato and bounce around HR, legal, IT, data protection, compliance and even marketing departments without clear accountability or ownership.
The Information Commissioner’s Office (ICO) publishes a useful guide on preparing for subject access requests, with one of the requirements being that you carry out a “reasonable search for the requested information”. On top of that, the timeline to respond is one month.
So even if the Data Protection Officer (DPO) is ultimately accountable for the request, without the right processes or tools in place, finding the requested information can be a minefield. If you’re planning to ask IT, ask yourself how quickly they will be able to locate that information, or if they even have the tools to do so.
The risk of flying blind
According to Kingsley Napley, “technical support is frequently required to identify and review data, and legal input may be needed.” For example, if an ex-employee asks to see all emails and correspondence they were copied on over a two year period, this could be hundreds of thousands of emails, not to mention direct chats and team collaborations in platforms such as Microsoft Teams or Google Workspaces.
Data requests may not always be limited to DSAR cases. Enquiries include:
- One employee is accused of sexually harassing another via their organisation’s Microsoft Teams chats.
- Instances in which an organisation’s emails are being sent to an unusual address.
- A director suddenly starts getting lots of unsolicited calls from recruiters.
- A firm’s customers start being approached by its rival’s salespeople
- An industry news outlet gets hold of sensitive proprietary information about a company’s new product.
- After one company acquires another, ensure employees aren’t still using old terminology from the acquired business.
Join us in Glasgow on 2nd May to find out more
Join Complete IT Systems and experts from Cryoserver for an afternoon in the centre of Glasgow for some interesting discussions on how to get on the front foot with these kinds of issues. We’ll also play a bit of golf on the driving range and enjoy some good food and company. Find out how to quickly respond to requests and solve situations such as:
- Searching through conversations for keywords or information, and provide for Legal teams to use as evidence in a tribunal.
- Find out if an employee is sharing sensitive data (a breach of GDPR) with an unauthorised individual.
- Discover if an employee has emailed the director’s number to multiple contacts.
- See if the company’s confidential customer contact list has been attached to an employee’s email.
- Find evidence of information being leaked by a particular employee.
- There’s a claim of sexual harassment and you’re tasked with finding the emails in question
- HR has to come to you to find emails from a specific employee
- And many more cases!
Searching for and locating information might be considered IT’s responsibility, but it’s in the interest of the DPO, legal, compliance, HR, and even marketing’s interest to ensure the right processes and tools are in place as and when incidents do arise, and limit the organisation’s exposure in the process.
In a collaborative workshop environment, we’ll share some live examples, and encourage you to do the same to see how easy it can be to make a difficult task much simpler.
📅 Thursday 2nd May, 2024 ⏲ 3pm to 7:30pm 📍 Topgolf Glasgow
Lunch and refreshments will be provided, and we’ll also test our handicap at Top Golf Glasgow. See their short video below 👇
We hope you can join us for a fun and informative day! Please contact us if you have any questions about the event, or need a hand with your business case for joining,
Kind regards,
The Complete IT Systems Glasgow Team
Phone: 0141 468 8330
