DM1803

Dm GDPR FOCUS: SUBJECT ACCESS REQUESTS
Subject matters
Have you incorporated handling SARs (Subject Access Requests) in your GDPR
plans? SARs are mistakenly being viewed as a low priority by many organisations but
it is imperative to have a clear plan in place for handling them, or your organisation
may find itself being exposed by GDPR, says Nuxeo's Director of Product Marketing
David Jones
With the EU's General Data
Protection Regulation (GDPR)
coming into force, many
organisations have bedded down their
plans - but some have not given
enough time to Subject Access Requests
(SARs), which could have a detrimental
effect if not considered in advance of
when GDPR goes into effect.
Many organisations have numerous
data silos where they store information
about customers that are complex to
access and difficult to secure. With the
right platform in pace for accessing and
managing their customers' personal
data located disparate information silos,
coupled with robust data security
policies, this part of GDPR compliance is
relatively straightforward. But without
such a platform, managing SARs can be
more complex and demanding, and
thus potentially troublesome from a
GDPR compliance perspective.
A SAR is the right of an individual to
request any 'personal data' held on
them by a company. Currently, in the
UK there is a fee in place for processing
SARs, but this will no longer be the case
under GDPR, so there are likely to be
many more SARs requests being made
under the new provision. Handling SARs
effectively and within the legal
timeframe will be problematic if
organisations don't have defined
processes.
HANDLING SARS UNDER GDPR
While many in the general public may
not be aware of their rights under
GDPR, there will undoubtedly be an
informed few who will want to put
these SARs to the test now they no
16
@DMMagAndAwards
March/April 2018
www.document-manager.com