Jul 30, 2021
DSAR
What is DSAR?
The Data Subject Access Request policy basically states that citizens may request, under the General Data Protection Regulation (GDPR), that a data controller (business or other organization) disclose the requester’s personal data that the organization holds about them.
Companies need to respond in a defined time frame and provide the information to the requestor. Companies also need to be able to edit or delete personal data upon request from a citizen. To successfully fulfill these tasks, companies and organizations need reliable Data Subject Access Requests (DSAR) Software solutions that meet all the requirements set by the DSAR initiative.
Different countries have different interpretations of the DSAR policy, complicating an already daunting challenge of compliance.
It all starts from the EU General Data Protection Regulations (GDPR) which replaced the old 1995 data protection directive. It was published in May 2016 and went live on May 25, 2018.
GDPR-related Processes
A number of business processes are included in both the Analysis Process Model and the Orchestration Process Model. These processes describe important aspects of the GDPR Policy Template, such as Data Protection Impact Assessments, breaches, consent, processing activities and data subject request analysis, and provide templates of how key requirements are supported by the BPSmodels.
The following new processes relating to GDPR have been added to BPS:
Personal Data Breach Management
To support the administration of Personal Data Breach events within a Financial Institution.
Data Subject Consent Management
To support the creation and use of Arrangements with Individual Data Subjects giving consent for the processing of areas of their personal data for specified purposes.
Data Subject Request Management
To support the Data Processing Requests received in relation to the recording, processing, and deletion of personal data relating to Individual Data Subjects.
Data Protection Impact Assessment
To support the determination of the risk of violating the privacy rights of data subject’s personal data with respect to the necessity of execution of the processing activity.
Improve the subject access request workflow process
By establishing a secure, efficient and accurate ROI process, Hyland solutions:
- Log, track and verify records requests
- Ensure medical records are complete and releases only authorised information
- Provide a complete cookie consent audit trail of all interactions, with reports of what, when and to whom a release was provided
- Offer multiple methods of delivery, including print, export to CD/DVD and encryption
- Automatically create fulfilment letters and invoices
Most DSAR implementations give an individual the right to receive confirmation that a company is or is not collecting their data and grants them insight into how their data is being used, including the ability to request correction or erasure of data collected. However, there may be slight variations depending on your local data protection laws. This helps individuals exercise control over their data held by an organization and check that they are using it lawfully. In the following sections, we will dig deeper into the concept of DSAR within the context of GDPR cookie consent.
