Share This Article:Share on Facebook
Facebook
Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin

The right to data transparency

Over the last few years, technology has transformed our lives and made it easy for businesses to collect and process personal data. These technological advancements have also created the need for new regulations to provide better protection of personal data. The General Data Protection Regulation (GDPR) and similar laws like the California Consumer Privacy Act of 2018 (CCPA) aim to give individuals more control over their data, and organizations must be prepared to comply. Now, individuals can demand more transparency from businesses that collect and process their data.

One new way individuals can view the personal data businesses have collected about them is to submit a data subject access request (DSAR). These requests can be made in any form (by email, phone, web) and include inquiries like:

  • Notification: I would like to know the total amount and type of personal data you have about me.
  • Right to Data Portability: I would like access to all the personal data you have about me. Provide the data in a portable machine-readable format.
  • Right to be Forgotten: I would like all of my personal data securely deleted.

It’s easy for a person to make these requests, but very difficult for most businesses to deliver. For example, the right to be forgotten (RTBF) gives individuals the right to request that all their personal data be identified and erased if there is no legal reason to retain it. To accomplish this, most businesses have to first analyze terabytes of content, including archived content stored on a forgotten file server that may have not been touched in years.

Once the analysis is done, the business still needs to:

  • Collect all the personal data about the requestor.
  • Verify the data to ensure that it is the right personal data for the right person. For example, if the business has two individuals with the same name and only one of them requests “to be forgotten,” a process must be in place to verify that they’ve collected and deleted the data for the correct individual while leaving the data for the other undisturbed.
  • Serve the data, where they’re able to see specific files containing the data subject’s personal data, so they can delete and/or dispatch them.

Each step has its own level of complexity.

The bottom line is that IT organizations face big challenges in handling these requests effectively, partly because the amount of information held on a single person can be extensive, spread across many different locations, and commingled with the personal data of others.

We help businesses respond to DSARs

A great way to simplify the process of identifying, locating, and compiling the files containing personal information is to deploy a content governance solution that “knows” what to look for. Egnyte is designed to discover and classify files containing PII and prepare them for a data subject access request. Even if data is scattered, which is often the case, Egnyte helps IT process it in a few clicks.

Compliance isn’t just about avoiding harsh penalties, it’s about gaining the trust of your customers and employees. Businesses that take the initiative now, especially those that will only be affected by the CCPA (which goes into effect on January 1, 2020), will be held in high regard by discerning consumers. This speaks directly to another advantage of using a content governance solution like Egnyte. As data regulations change or get added, our solution adapts, ensuring the most up-to-date security and compliance support.

To learn more about how Egnyte can help your business respond to DSARs quickly, as well as comply with specific regulations, start by watching this quick video.

Respond to Data Subject Access Requests from Egnyte on Vimeo.