Why Failing To Respond To DSARs Can Cost You Millions

A recent analysis from Exonar, a data indexing company based in the UK, shows that 19% of all General Data Protection Regulation (“GDPR”) fines have been levied due to unlawful use of personally identifiable information and failure to comply with data subject access requests (“DSARs”) in a timely or adequate manner.

What Is A Data Subject Request?

Global data regulations like GDPR and CCPA enumerate certain rights for individuals, one of which requires companies to provide access to the data collected on individuals by facilitating DSARs. DSAR categories vary by jurisdiction, and they empower individuals to understand and manage what information is being collected from them. Under GDPR, the types of requests that can be made include:

  • Access
  • Rectification
  • Erasure
  • Withdraw consent
  • Restrict processing
  • Data portability
  • Object

Generally, organizations have thirty (30) days to respond to a DSAR after receipt; however, this deadline can be extended to ninety (90) days based on the complexity of the request. Other data privacy laws differ in their allowable DSARs and timelines, so companies need to familiarize themselves with what type of request each jurisdiction requires, the length of deadlines for response, and the financial penalties for failing to respond in a timely fashion (to help, we’ve compiled a chart outlining the rules for major data privacy laws across the globe).

Why Are Companies Getting Fined?

Companies are getting fined for a number of reasons, including the fact that they either:

  1. Aren’t providing individuals with a method to make these requests;
  2. Aren’t responding to requests in a timely manner; or
  3. Are managing DSARs through emails and Microsoft Office or similar software that is neither timestamped nor scalable.

DSARs have expanded significantly in volume since GDPR was implemented, and with the passage of data privacy laws such as California’s CCPA and Brazil’s LGPD we expect that companies will see a spike in requests as awareness around the rights granted by these laws grows. Companies that are not leveraging technology will struggle to keep up with the growing volume of DSARs, increasing the likelihood that they’ll suffer significant financial penalties.

How Can Clym Help?

Clym provides a cost-effective, scalable and flexible platform to help comply with CCPA, GDPR, and other laws as they continue to change. Contact us today about how your company can implement Clym to help manage your data privacy regulation compliance from a global perspective.