So what is a DSAR and why should IT professionals care? In short, companies and organisations of all sizes need to know what they are, and what to do if you receive one. The problem is that incoming DSARs can become a hot potato and bounce around HR, legal, IT, data protection, compliance and even marketing departments without clear accountability or ownership.
The Information Commissioner’s Office (ICO) publishes a useful guide on preparing for subject access requests, with one of the requirements being that you carry out a “reasonable search for the requested information”. On top of that, the timeline to respond is one month.
So even if the Data Protection Officer (DPO) is ultimately accountable for the request, without the right processes or tools in place, finding the requested information can be a minefield. No prizes for guessing the first point of call to get that information!
And that’s usually where IT teams become involved in order to locate the personal data, while ensuring that other legal obligations are not infringed in doing so.
According to Kingsley Napley, “technical support is frequently required to identify and review data, and legal input may be needed.” For example, if an ex-employee asks to see all emails and correspondence they were copied on over a two year period, this could be hundreds of thousands of emails, not to mention direct chats and team collaborations in platforms such as Microsoft Teams or Google Workspaces.
As well as the normal jobs of keeping the lights on, ensuring that everyone has working devices, the network is secure, all files are safely backed up, and everything else that goes on in a day, there’s worse news for IT teams.
That’s because these kinds of data requests may not even be limited to DSAR cases. IT are increasingly being asked to help with locating data for internal complaints or enquiries such as:
▶ Read more in this article from our friends at Cryoserver.
Get the inside track from Forrester
Microsoft business applications launch event.
Find out the ROI of all-in-one
What do you really know about AI?
How to drive workforce training programmes that work.
How Hackney Council serves its community from anywhere.
From static file repository to dynamic collaboration hub
Balancing personalisation with regulatory compliance.
The convergence of CLM and contract analytics
How Google Chat keeps teams connected.
A quick way to save 9% of annual revenue.
Good reasons to consider DocuSign for your e-signature solution.
How to fend off modern threats to connected devices.
We demystify digital signatures.
It's not IT's responsibility for departmental processes - but there is a key role to play.
Why shift to eSignature?
Why a certified recording solution is essential.
How English Courts support eSignatures.
eSignature has advantages for businesses of every shape and size. Find out more.
How to build an enterprise mobility strategy.
Could you agree more with eSignature?
SMBs can drive business growth with cutting-edge technologies.
5 ways to get more from virtual meetings
And what does it mean for IT?
3 key questions to digitally transform your call centre
Share this story
Let us know what you think about the article.
We're a community where IT security buyers can engage on their own terms.
We help you to better understand the security challenges associated with digital business and how to address them, so your company remains safe and secure.