Data subject access requests
The introduction of GDPR saw an immediate rise in data subject access requests (DSARs), due to increased awareness and no charges. Only a third of organisations currently comply with requests and fulfil DSARs, within the legal timeframe of one calendar month from receipt of the request.
Subject access requests no longer need to be made in writing. Organisations should enable requests to be made via telephone, webform, social media or in person. Requests also do not even have to use the term - “Data subject access request”, the request just has to be clear that the individual is seeking their own personal data. It is therefore vital that employees who have customer or client contact know how to recognise a DSAR and how to action the request.
GDPR is a piece of very complex legislation and is an area that will continuously evolve, especially in this political climate. With this in mind, you should start thinking about whether your organisation is GDPR compliant?