Failure to handle Subject Access Requests – #1 Complaint at the DPCs Office
The Irish Data Protection Commissioner, Helen Dixon, has emphasised that the GDPR retains the requirement that DPAs handle every complaint lodged accordingly. This includes the failure to deliver on the rights of access, for example, which already comprise more than 50 percent of the complaints her office deals with now. [See full article here.]
Businesses have one month to respond to Subject Access Requests and need an efficient, transparent and compliant process for managing them. It’s important that businesses put their customers first and can provide them with this information but they also need to protect themselves. For instance, businesses should ensure they have;
- Full audit trails from when the request was received right through to completion
- The ability to send the data digitally when the request was received digitally
- The ability to send data securely and encrypt it
- The ability to demonstrate how the ID was verified
If you haven’t already, now is the time to make sure you put the right processes in place for managing Subject Access Requests efficiently and compliantly. For information on how Wizuda can help, click here.