The General Data Protection Regulation (GDPR) has become a landmark for data protection laws across the globe and is setting precedents far beyond the EU. The GDPR is no longer only a set of principles that uphold the privacy of users; it is also a cornerstone of the legal framework for technology and science firms across the EU. Its global impact can be seen in laws such as the CCPA and the LGPD.
It includes a comprehensive set of rules created to tackle modern challenges related to data protection and privacy. The growth of technology has encroached on users' privacy and taken control away from data subjects. The law has been designed to return that control to the data subject as the true and sole owner of their own personal data.
The unique nature and approach of the regulation not only make it effective but also compel businesses to learn how to operate in this new regulatory environment.
It also shows businesses how to avoid attracting fines or other sanctions.
And businesses have been given substantial time to ensure that they do.
More About Time And Historical Context Of The Law
On 14th April 2016, the governments across the EU approved the GDPR: an extensive set of rules that would monitor and regulate the flow of EU residents' personal data into and out of organisations.
25th May 2018 was set as the date of enforcement of this law.
This gave organisations a good 2-year period to prepare and implement their processes to be compliant with the GDPR.
A big part of this sea change is how organisations deliver GDPR training to the relevant departments and staff members.
Why Is There A Need For GDPR Training?
It is clearly stated in the GDPR document that organisations should take all the ‘technical and organisational’ measures to ensure compliance. GDPR training falls well under that category.
Employees have to understand the monetary costs as well as the reputational loss that an organisation may have to bear as a consequence of their actions. Apart from this, there are multiple reasons for organisations to undertake GDPR training efforts seriously:
✓ Of course, the fines!
✓ The intensity of the fines
✓ Compliant processes alone cannot deliver results
✓ A strong case for the defence
✓ Staying ahead of breaches
What Is DSAR?
The right of access for data subjects was one of the rights introduced under the General Data Protection Regulation (GDPR).
In general terms, the GDPR provides individuals with the right to request information. This right extends to how companies are handling their personal data. This is what the Data Subject Access Request (DSAR) entails in a nutshell.
Why Is Data Subject Access Right Important?
Individuals are given the right to their data under the law in many parts of the world. The information about an individual is their property. This is because the use of this information can affect them in a lot of ways. The use of personal data or personal information may affect the wellbeing of individuals.
“This makes the data subject access right important and intrinsically valuable to the individual. The right lies with the human rather than the organisation collecting data and information to erase, edit or delete the information. This is because the analysis of the information, as well as the data, also has a direct impact on the individual in a lot of cases.”
According to the GDPR and the Data Protection Act, individuals have the right to exercise their subject access rights in the following capacity:
- Individuals have the right to access their personal data.
- This is commonly referred to as subject access.
- Individuals can make a subject access request verbally or in writing.
- You have one month to respond to a request.
- You cannot charge a fee to deal with a request in most circumstances.
What Is The Process For Requesting And Request Management?
A data subject can make the request by email, through an online form, or via any other channel of communication.
The company then verifies the requestor's identity, locates their data within its data ecosystem, and finally tracks the request through to resolution. This process takes approximately 30-45 days.
Elements of a DSAR:
- Contact information of the data subject, such as name, email and phone number.
- The request itself, which usually falls under at least one of the categories below:
  - What data do you collect on customers?
  - What data do you collect on me?
  - Delete my information
  - Move my data elsewhere
- An open text field where data subjects add any context to their request.
The Data Subject Access Request (DSAR) refers to a specific request whereby an individual legally exercises their right to access the data collected on them. They may then decide whether there is an issue with the data, and whether or not they would like to exercise their right to erasure.
Every organisation that falls under the jurisdiction of the EU must ensure that each data subject access request is handled with privacy and security maintained, and that the process is conducted thoroughly enough to comply with the law.
What Is DPIA & PIA?
Articles 35 and 36 of the GDPR state:
A Data Protection Impact Assessment (DPIA) must be carried out whenever you start a new project that carries "a high risk" to people's personal information.
The General Data Protection Regulation (GDPR) carries a plethora of rules that businesses must follow for the protection of personal data they collect on their clients.
Compliance with the GDPR is important; otherwise, there are penalties for failure to comply. Penalties can go up to approximately $20 million or 4 percent of annual revenue (whichever is higher). Countless companies have already received such severe fines.
But here is the key: to demonstrate compliance with the GDPR and its requirements, an organisation must prepare a DPIA for every high-risk data processing activity.
Who Needs A DPIA?
Any business undergoing a change of ownership, product, or industry requires a DPIA. Conducting one can help it reduce potential losses stemming from data privacy and protection issues. Businesses have repeatedly been reprimanded in the past for their lack of data protection safeguards. Hence, this tool can address such threats to the security and profitability of your business.
How Does A DPIA Work?
The DPIA works by investigating potential vulnerabilities. It helps in devising the way forward to improve data privacy and compliance status, and in return can prevent potential losses, fines and negative publicity for a business. It addresses several levels of compliance before a business begins its data processing activities. This is essential to maintain the security, integrity and privacy of the personal information used within a new or existing business.