Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Dm GDPR FOCUS: SUBJECT ACCESS REQUESTS<br />
Subject matters<br />
Have you incorporated handling SARs (Subject Access Requests) in your GDPR<br />
plans? SARs are mistakenly being viewed as a low priority by many organisations but<br />
it is imperative to have a clear plan in place for handling them, or your organisation<br />
may find itself being exposed by GDPR, says Nuxeo's Director of Product Marketing<br />
David Jones<br />
With the EU's General Data<br />
Protection Regulation (GDPR)<br />
coming into force, many<br />
organisations have bedded down their<br />
plans - but some have not given<br />
enough time to Subject Access Requests<br />
(SARs), which could have a detrimental<br />
effect if not considered in advance of<br />
when GDPR goes into effect.<br />
Many organisations have numerous<br />
data silos where they store information<br />
about customers that are complex to<br />
access and difficult to secure. With the<br />
right platform in pace for accessing and<br />
managing their customers' personal<br />
data located disparate information silos,<br />
coupled with robust data security<br />
policies, this part of GDPR compliance is<br />
relatively straightforward. But without<br />
such a platform, managing SARs can be<br />
more complex and demanding, and<br />
thus potentially troublesome from a<br />
GDPR compliance perspective.<br />
A SAR is the right of an individual to<br />
request any 'personal data' held on<br />
them by a company. Currently, in the<br />
UK there is a fee in place for processing<br />
SARs, but this will no longer be the case<br />
under GDPR, so there are likely to be<br />
many more SARs requests being made<br />
under the new provision. Handling SARs<br />
effectively and within the legal<br />
timeframe will be problematic if<br />
organisations don't have defined<br />
processes.<br />
HANDLING SARS UNDER GDPR<br />
While many in the general public may<br />
not be aware of their rights under<br />
GDPR, there will undoubtedly be an<br />
informed few who will want to put<br />
these SARs to the test now they no<br />
16<br />
@DMMagAndAwards<br />
March/April 2018<br />
www.document-manager.com