Let us begin with a quick overview of a DSAR, also called a Subject Access Request (SAR). Article 15 of the GDPR outlines the basic rights afforded to data subjects with respect to understanding how and why a data controller processes their personal information. Specific details include the purpose of processing, outlining special categories of personal data, processing duration and/or retention periods, and must provide clear steps should data subjects wish to rectify, erase, restrict or object to a particular data processing activity.
Knowledge is everything.
Key to providing an efficient and successful DSR management programme is to first understand how data is processed, as well as any relevant contextual information – the ‘who, what, where, why, when’ around your personal data. This includes the data types held, the data subject ID, the purposes and durations of processing, and any additional and relevant contextual metadata. By creating a single source of truth for this Privacy data, businesses not only improve their own understanding of data and their rights to process it, but in doing so simplify any DSR process should customers wish to exercise their rights.
To learn more about how to create a single source of Truth for Privacy, request a demo of Trunomi’s TruPrivacy Platform.
So, how best to provide access to customers?
Trunomi’s ‘My Data Portal’ is purpose-built to enable businesses to provide a self-service, fully branded, customer-facing Portal through which data subjects can submit DSRs, make Consent & Permission opt-in / opt-outs and benefit from greater transparency and control with respect to how their data is processed. As well as providing a consistent customer experience, the Portal can also be embedded into any customer touchpoint (e.g. website or mobile application).
Reduce time and costs: Privacy-driven automation.
Further cost and time savings can be made by converting manual processes into automated workflows. Trunomi enables businesses to configure and trigger automatic, pre-defined processes to automate the fulfilment of Data Subject Access Requests and even trigger the actions taken, e.g. deletion, masking, or archiving of data. As well as driving efficiencies through the automation of DSR fulfilment, Trunomi also automatically produces audit-ready records of DSRs, enabling the business to easily prove the compliant handling and completion of requests to customers and regulators, while meeting its regulatory obligations in a timely manner.
Trunomi solves DSRs in the following steps:
- Populate ‘My Data’ Portals, using patented technology: embed Trunomi’s customer portals anywhere and populate them with relevant, real-time information for your customers on their data and processing.
- DSR Submission via the Portal: Data subjects submit their requests against specific data sets via the Trunomi ‘My Data Portal’.
- Automatic Flagging of Data: Following a DSR-submission, Trunomi can automatically flag the corresponding data set, whilst also notifying the relevant business stakeholder to take action. Deadlines for handling the DSR (GDPR 30 Days, CCPA 45 Days) can be automatically tracked and monitored.
- Locate Data using Data Pointers: Trunomi’s patented Data Pointers enable businesses to locate the source location of a data set, in order to take the necessary action.
- Automated DSR Fulfilment: Pre-defined rules and processes set by your businesses can ensure the efficient and automatic fulfilment of the DSR.
- Trunomi Dashboard and Reporting: Trunomi’s Dashboard enables organisations to monitor DSRs and provide a breakdown of metrics to reduce costs and prove compliance.
Crucially, Trunomi is built to wrap around your business’s specific user journeys and workflows, and is fully customisable to help you meet your regulatory requirements with zero-disruption to existing data flows and systems.
To learn more about how Trunomi solves Data Subject Access Requests, request a demo at email@example.com.