Adare SEC’s Head of Marketing, Luke Godfrey, shares his thoughts on life in a post-GDPR world and the challenges around Subject Access Requests.
Now we are compliant in a post-GDPR world, what happens next? What happens if someone asks to see all of their personal data that you hold? Can you deliver the goods?
It goes without saying that there’s a huge element of compliance required when it comes to GDPR, following its introduction on 25 May.
Policing GDPR is, admittedly, going to be difficult and although most companies are now compliant, remaining compliant is still a challenge for many organisations. As a result, businesses require efficient methods to do this.
As an organisation, you don’t want to be hit by a GDPR fine. Set at four per cent of your global turnover or €20m, it could have devastating implications on a business.
GDPR presents a question over efficiency too. If someone requests access to their personal data, businesses are required to pull everything together within 30 days and, if there’s a data breach, businesses must inform the ICO of the breach within 72 hours. So, time is of the essence.
When someone requests a copy of their personal data that is held by a company, it is referred to as a Subject Access Request (SAR) and it’s crucial that all businesses are aware of what this entails, and have processes in place to quickly deal with the request. SARs were previously chargeable, however, in the majority of cases it is now free and has to be completed within a month, or it could lead to a hefty fine.
A number of companies have reported an increase in SARs since the introduction of GDPR.
As you can imagine, this can become very time-consuming for an organisation to collate all the necessary information, especially larger organisations when this is multiplied by hundreds of customers with documents in multiple locations. Imagine all those hundreds of thousands of documents to trawl through – it would be a very time consuming task, especially if you are hit with numerous SARs in one go.
So what processes can businesses put in place to ensure SARs are responded to efficiently and timely?
One solution is using a secure document repository, such as Adare SEC’s SmartView. Simply put, a secure document repository (SmartView) enables organisations to store all their documents in one secure location, enabling documents to be quickly located.
With all documents stored in one secure environment, organisations can quickly access records and perform detailed searches, reviewing all the information held on that person. This can then be downloaded and collated to be presented back to the customer in the most efficient way.
The benefits of this kind of system include saving significant amounts of time, resource and costs as potentially one person is able to quickly collate all the information. The system can also give businesses the confidence that all the required documents have been located.
Many document repositories can store numerous types of documents long-term, from digital documents to images and scanned letters. These are all indexed for quick retrieval in the event of a SAR or equally for everyday business use i.e. in a call centre environment.
Business rules can also be built in to ensure that certain information is only stored for the time it is required and then securely destroyed when appropriate, another GDPR requirement.
Although you’ve got over the hurdle of being GDPR compliant, it doesn’t stop there. By ensuring your data is stored efficiently and securely means you’re one step ahead if you do get any SAR requests and are not caught off guard.