Reduce cost and mitigate risk with sophisticated content analysis, data identification, and secure data transfer in a highly automated and scalable solution.
What is the GDPR?
The General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe. It emphasizes transparency, security and accountability by businesses, and aims to standardize and strengthen the rights of European citizens for data privacy. It replaces the existing data protection framework under the EU Data Protection Directive (DPD).
The GDPR is a holistic approach to data protection that requires businesses to adopt processes and procedures on the collection of data, and the storage and lifecycle management of the personal data of its customers, contacts and employees. And it’s having a global impact – reshaping the way organizations across the world approach data privacy.
Under the new GDPR, European citizens have the right to request their personal information that an organisation may possess. Organisations have 30 days to process a Data Subject Access Request. If they cannot complete the request in this time frame, they must show that there has been an effort made to complete the action. If an organisation fails to process a request, the DPA can audit and sanction them which could result in a hefty fine.
Right to Access
Individuals can get confirmation of what personal information is being processed, where it is being stored, and why their information is being held. If EU citizens wish to know, a Controller must provide electronic copies of this data to the individual, free of charge.
Right to be Forgotten
Individuals are entitled to have their data erased, ceased from further dissemination, and potentially have third parties halt processing of data. In the case that their data is no longer relevant to why they originally gave their information, they may also have their data erased.
Right to Data Portability
The right to data portability allows individuals to obtain and reuse their data for their own purposes across different services. It allows them to move, copy, or transfer personal data easily from one IT environment to another in a safe and secure way.
Right to Notification
In the event of a data breach, businesses are required to notify their Data Protection Authority (DPA) within 72 hours of the breach. Individuals are also entitled to be notified in the event of a breach of their personal data.
FileFacets helps businesses with Data Subject Access Requests
FileFacets for DSAR Management
FileFacets provides the platform and methodology to help businesses comply with the GDPR.
The FileFacets platform allows you to connect Data Subject Access Request forms directly to FileFacets DSAR management tool. Receive notification of requests in real time and scan multiple sources and repositories to locate and identify any information your organization may have on the requester. FileFacets makes it easy to action requests so that your organisation can confidently complete requests in the 30 day time frame.
For Data Subject Access Requests, FileFacets allows you to:
- Create iframe to link FileFacets directly to your website for Data Subject Access Requests
- Add and remove fields as needed
- Preview form before placing it on your website
- Customize email notification to be sent to data subject after request is made
- Use FileFacets to record and report on all actions taken for each DSAR including:
- When it was received,
- who received the request,
- Who managed the request
- When the request was actioned
- What was the result of the action
- When the DSAR was completed.
- Run audit reports at any time all the status and result of all archived and active DSARs
Get a FileFacets demo
Fill out the form, and we’ll give you an end-to-end tour of the platform. See firsthand how FileFacets can solve the challenges facing your organization.