We recently ran an event in Glasgow where we looked at the challenge Data Subject Access Requests (DSARs) present to DPOs and IT teams to access information promptly and efficiently.
During the session, Cryoserver outlined how their solutions act like a black box recorder on a flight in terms of enabling access to data whether for a DSAR or other data access requirement. With enterprise data becoming harder to manage than ever before, it’s vital to have a modern archive strategy in place for your business.
This document details how, with Cryoserver at its core, you can be confident that your email archive is compliant, every email is securely stored, and users can find the data they need in milliseconds.
Want to learn more?
Complete IT Systems have a team of Cryoserver specialists on hand to demo the solution, discuss business benefits and help you understand how the technology works for your organisation.
To get in touch or request a demo please contact us.
Data Subject Access Requests (DSARs) were first introduced in 1998, and digital technology has made requesting them easier over time. But it’s no perfect science.
In short, companies and organisations of all sizes need to know what they are, and what to do if you receive a DSAR. The problem is that incoming DSARs can become a hot potato and bounce around HR, legal, IT, data protection, compliance and even marketing departments without clear accountability or ownership.
The Information Commissioner’s Office (ICO) publishes a useful guide on preparing for subject access requests, with one of the requirements being that you carry out a “reasonable search for the requested information”. On top of that, the timeline to respond is one month.
So even if the Data Protection Officer (DPO) is ultimately accountable for the request, without the right processes or tools in place, finding the requested information can be a minefield. If you’re planning to ask IT, ask yourself how quickly they will be able to locate that information, or if they even have the tools to do so.
The risk of flying blind
According to Kingsley Napley, “technical support is frequently required to identify and review data, and legal input may be needed.” For example, if an ex-employee asks to see all emails and correspondence they were copied on over a two year period, this could be hundreds of thousands of emails, not to mention direct chats and team collaborations in platforms such as Microsoft Teams or Google Workspaces.
Data requests may not always be limited to DSAR cases. Enquiries include:
One employee is accused of sexually harassing another via their organisation’s Microsoft Teams chats.
Instances in which an organisation’s emails are being sent to an unusual address.
A director suddenly starts getting lots of unsolicited calls from recruiters.
A firm’s customers start being approached by its rival’s salespeople
An industry news outlet gets hold of sensitive proprietary information about a company’s new product.
After one company acquires another, ensure employees aren’t still using old terminology from the acquired business.
Join us in Glasgow on 2nd May to find out more
Join Complete IT Systems and experts from Cryoserver for an afternoon in the centre of Glasgow for some interesting discussions on how to get on the front foot with these kinds of issues. We’ll also play a bit of golf on the driving range and enjoy some good food and company. Find out how to quickly respond to requests and solve situations such as:
Searching through conversations for keywords or information, and provide for Legal teams to use as evidence in a tribunal.
Find out if an employee is sharing sensitive data (a breach of GDPR) with an unauthorised individual.
Discover if an employee has emailed the director’s number to multiple contacts.
See if the company’s confidential customer contact list has been attached to an employee’s email.
Find evidence of information being leaked by a particular employee.
There’s a claim of sexual harassment and you’re tasked with finding the emails in question
HR has to come to you to find emails from a specific employee
And many more cases!
Searching for and locating information might be considered IT’s responsibility, but it’s in the interest of the DPO, legal, compliance, HR, and even marketing’s interest to ensure the right processes and tools are in place as and when incidents do arise, and limit the organisation’s exposure in the process.
In a collaborative workshop environment, we’ll share some live examples, and encourage you to do the same to see how easy it can be to make a difficult task much simpler.
📅 Thursday 2nd May, 2024 ⏲ 3pm to 7:30pm 📍 Topgolf Glasgow
Lunch and refreshments will be provided, and we’ll also test our handicap at Top Golf Glasgow. See their short video below 👇
We hope you can join us for a fun and informative day! Please contact us if you have any questions about the event, or need a hand with your business case for joining,
Data Subject Access Requests (DSARs) were first introduced in 1998, and digital technology has made requesting them easier over time. Why should IT care about them?
In short, companies and organisations of all sizes need to know what they are, and what to do if you receive one.
The problem is that incoming DSARs can become a hot potato and bounce around HR, legal, IT, data protection, compliance and even marketing departments without clear accountability or ownership.
The Information Commissioner’s Office (ICO) publishes a useful guide on preparing for subject access requests, with one of the requirements being that you carry out a “reasonable search for the requested information”. On top of that, the timeline to respond is one month.
So even if the Data Protection Officer (DPO) is ultimately accountable for the request, without the right processes or tools in place, finding the requested information can be a minefield. No prizes for guessing the first point of call to get that information!
Enter IT!
And that’s usually where IT teams become involved in order to locate the personal data, while ensuring that other legal obligations are not infringed in doing so.
According to Kingsley Napley, “technical support is frequently required to identify and review data, and legal input may be needed.” For example, if an ex-employee asks to see all emails and correspondence they were copied on over a two year period, this could be hundreds of thousands of emails, not to mention direct chats and team collaborations in platforms such as Microsoft Teams or Google Workspaces.
How else can IT get sucked in?
As well as the normal jobs of keeping the lights on, ensuring that everyone has working devices, the network is secure, all files are safely backed up, and everything else that goes on in a day, there’s worse news for IT teams.
That’s because these kinds of data requests may not even be limited to DSAR cases. IT are increasingly being asked to help with locating data for internal complaints or enquiries such as:
One employee is accused of sexually harassing another via their organisation’s Microsoft Teams chats.
Instances in which an organisation’s emails are being sent to an unusual address.
A director suddenly starts getting lots of unsolicited calls from recruiters.
A firm’s customers start being approached by its rival’s salespeople
An industry news outlet gets hold of sensitive proprietary information about a company’s new product.
After one company acquires another, ensure employees aren’t still using old terminology from the acquired business.
Join us in Glasgow on 2nd May to find out more
Join Complete IT Systems and experts from Cryoserver for an afternoon in the centre of Glasgow for some interesting discussions on how already overstretched IT teams can get on the front foot with these kinds of issues. We’ll also play a bit of golf on the driving range and enjoy some good food and company. Find out how to quickly respond to requests and solve situations such as:
Searching through conversations for keywords or information, and provide to your Legal team to use as evidence in a tribunal.
Find out if an employee is sharing sensitive data (a breach of GDPR) with an unauthorised individual.
Discover if an employee has emailed the director’s number to multiple contacts.
See if the company’s confidential customer contact list has been attached to an employee’s email.
Find evidence of information being leaked by a particular employee.
There’s a claim of sexual harassment and you’re tasked with finding the emails in question
HR has to come to you to find emails from a specific employee
And many more cases!
These issues might not be fully IT’s responsibility, but it’s in your interest to find the services and technology elements to help when incidents do arise, and limit the organisation’s exposure in the process.
In a collaborative workshop environment, we’ll share some live examples, and encourage you to do the same to see how easy it can be to make a difficult task much simpler – and make IT look great in the process!
📅 Thursday 2nd May, 2024 ⏲ 3pm to 7:30pm 📍 Topgolf Glasgow
Lunch and refreshments will be provided, and we’ll also test our handicap at Top Golf Glasgow. See their short video below 👇
We hope you can join us for a fun and informative day! Please contact us if you have any questions about the event, or need a hand with your business case for joining,
Fortunately, your HR team can drive and manage change with software that monitors emails, instant messages and attachments. You can read about this shortly, but first, let’s go back a step:
The Harvard Business School defines organisational change as “the action a business takes to change any of its underlying components, such as processes, culture, people, product, infrastructure, or technology.”
In this article, our colleagues Cryoserver look at the hot topic of cultural change. Many HR departments are striving to promote equality, diversity and inclusion, and eliminate toxic behaviour and language. Not only is organisational culture important from HR and legal perspectives; it also affects your corporate and brand identities and ultimately your bottom line too.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
