The GDPR gives affected persons extensive rights to information. Without appropriate preparation, the processing of data subject requests can take a long time. easyGDPR DSAR automates the processes and the collection of data.
Why do I have to answer the data subject requests correctly?
Article 15 of the GDPR gives every data subject the right to know which personal data are being processed and for what reason. Furthermore, paragraph 3 of this article gives every data subject the right to receive a copy of all data.
This right to information existed even before the GDPR. However, those affected have now an additional right to compensation. This includes, for example, lawyers' fees.
Refusal to provide information or giving false information may result in a GDPR-Penalty.
As soon as data protection violations find their way into the media, a flood of data subjects requests often follows.
Why is it so complicated to answer the data subject requests?
Data is stored in different departments of your company. In large companies, the help of the specialist departments is usually required to collect all data.
Before a copy of the data can be handed over to the requesting person, it must be ensured that no right of third party and no business secret is included in the response.
Fast GDPR compliant answers
Our team did not want to accept the fact that requests from affected persons would cause a lot of work in many departments. They cost a lot of time and cause costs. Therefore we have developed easyGDPR DSAR.
easyGDPR DSAR takes care of the correct procedures and the collection of data. Only the control of the collected data has to be done by an employee.
In three steps to the automated data subject request
With easyGDPR DSAR you can automate data subject requests in three simple steps.
Step 1: Documentation of the data processing
With easyGDPR the processing (newsletter, ERP, CRM, webshop, mail archive, ...) is documented in a structured way. This provides security that all information required for the answer, such as retention periods etc., is available and that no processing has been forgotten.
This list of processing activities is also the basis for generating the responses for the requests.
This part of easyGDPR DSAR is also available without the module affected persons requests automation.
Step 2: Automatic retrieval of data
In the second step, we install connectors that collect all data automatically.
easyGDPR reads among others the following systems:
- ERP and CRM systems (SAP, AX, Salesforce, ...)
- Mail archives
- Application Programming Interfaces (API)
All data or only individual data sources can be automatically retrieved.
Typically, we automate the areas that would manually do the most work first. If necessary, additional areas can be added to the automation process. The file- and mail analysis is done with our data exploration product databee.
Data protection must also be respected in the case of data subject requests. For this reason, we do not make copies of the data, instead the tool only collects the data specifically required for each resquest.
Step 3: Is the request authorized?
To ensure that requests cannot be misused, easyGDPR DASR provides a portal where requests can be made. easyGDPR can automatically check if the entered data such as email address, phone number or customer number match the requesting person.
What happens when I do a request?
The visitor fills in an online form and then receives an email message with a link for confirmation. In the case of telephone numbers, we check by means of an SMS or a call whether the number belongs to the person making the request. If desired, a request can also be entered by an employee without using the portal.
Once the request is sent, the system searches for data. Once the data query is complete, the person responsible is informed. This person checks the response and sends it to the requesting person.
What used to be a few hours of work for several people is now - depending on how much data was found - done in a few minutes.
easyGDPR DSAR was developed by Schindler IT-Solutions GmbH with support of the Austrian Research Promotion Agency.