With the EU General Data Protection Regulation (GDPR), the Data Protection Officer receives countless subject access requests. How can these requests be received securely, handled confidentially, and answered by sending the information safely to the data subject?
GDPR imposes communication challenges on the Data Protection Officer
A Data Protection Officer (DPO) working in an industrial sector found it problematic to receive data subject access requests by letter or e-mail. At this stage, the DPO could not verify the identity of the applicant.
There are also other problems with informal inquiries sent by mail and e-mail. The answers are not structured, so some of the needed information is often missing. Requesting additional information slows down the process. In addition, information is easily dispersed when it arrives at different times.
Furthermore, the DPO did not have the means to send personal data to the data subject electronically. The idea of printing and mailing material sounded too burdensome and costly.
The DPO acknowledged that they would receive a huge number of subject access requests after the date of application of the GDPR and wanted a process that would suit their company. For these reasons, the DPO decided to look for a way to handle the entire process electronically and, at the same time, securely.
Personal data safeguarded throughout the communication chain
The Data Protection Officer in the industrial company found what he needed under one roof. Deltagon's secure solutions offered the company exactly the tools they needed for electronic communication and identification.
- An electronic form was created for the company’s website for subject access requests. The person filling in the form is electronically identified by using personal banking credentials, so that the controller can verify the identity. The information is received in structured form and all necessary information is in the application.
- Subject access requests are automatically transmitted to a secure electronic workspace. Only the persons who have the right to handle such requests have been granted access to this workspace. In the workspace, the information is stored encrypted and can be archived when the request is processed.
- Collected personal data can be sent to the data subject by means of secure e-mail. The recipient can also be electronically identified at this stage to ensure that the information does not fall into the wrong hands.
The information does not need to be printed but instead the whole process can be handled electronically. Also, the data subjects do not have to come in to prove their identity to get their data.
By making the whole process electronic, the company improved its customer service and greatly enhanced the process. In this way, subject access requests did not slow down other operations.
Are you looking for a similar solution for your business?
Contact us and let us talk about how it can be done. Call +358 9 6850 320 or e-mail firstname.lastname@example.org.