How will you do subject access requests?

by Egress
Published on 7th Feb 2018

We all know that the EU GDPR is coming into force very soon. May 2018 is going to usher in the new rules on data protection and privacy, and all organisations that deal with EU citizens’ personal information need to be ready.

One part of the legislation that deserves more attention is the changes to how requests for personal data will work.

So how will these requests work in the near future, and how will you as an organisation deal with these changes?

What is a subject access request?

When someone wants to find out what data an organisation holds on them, they can make a subject access request. Not only will they be able to find out which of their personal information is held by the organisation, they can find out whether any personal data is being processed, and the reasons for doing so, as well as whether it is being given to any other organisations. They will be able to retrieve a copy of the data being held, with details about the source of the data.

What’s changed?

The GDPR changes some aspects of the process by which organisations deal with subject access requests.

Number one, you’re no longer able to charge fees for providing information. The GDPR supersedes previous guidelines under the Data Protection Act (DPA), which let organisations charge £10 per request. This nominal fee was probably enough to deter many people from carrying out data requests, so once GDPR is implemented you can expect to receive significantly more requests for personal information.

GDPR also replaces DPA rules about how long you have to respond to enquiries. While it allowed 40 days, subject access requests under the GDPR terms must now be fulfilled within one month. You must also allow electronic requests and if a request is made electronically, organisations should provide the information in a commonly used electronic format.

So the conclusion here is that organisations need to be able to respond quicker to a greater number of requests for personal data. Hence, you need a plan to deal with both the influx of requests and an easy way to store, organise and collate the required information efficiently.

How to do a subject access request with Egress Respond

So now you know what the future of data requests looks like, how will your organisation respond to requests promptly and with minimal administrative overheads?

Help is at hand. Egress eDiscovery software compliance reporting and analytics system lets you easily fulfil requests for personal data, automatically collecting relevant information from across your organisational mail archive. With Egress Respond you can import PST files, run searches to find the right information at the click of a button, and export the data immediately. The bespoke subject access request tool lets you pinpoint just the data relevant to the person doing the requesting, searching across emails and attachments and generating easily exportable results. This includes being able to search across Switch-encrypted content, something that circumvents the problems people run into with legacy archiving tools when rightfully employing email encryption and archiving solutions for data protection.

Want to learn how easy it is? Join our webinar

To see how Egress solutions line up with GDPR requirements, and to see a live demo of how easy it is to fulfil data requests using Egress Respond, why not join our webinar scheduled for 15th Feb at 15:00GMT?

There’ll also be a chance to find out how Egress Prevent can help you with another aspect of the GDPR: preventing data breaches. You’ll learn how being able to stop the accidental send is vital weapon against accidental data loss. Not to be missed!