Dealing with the rising tide of Subject Access Requests
A boom in Data Subject Access requests was anticipated with the EU GDPR. How are organisations dealing with the growth in requests? Tom Cooper reports.
Increased assertion of data subject rights has been one of the least surprising consequences of the EU General Data Protection regulation (GDPR). Most organisations have seen a rise in data subject access request (DSARs) in the past year, with reports varying from a “mild uptick” to significant challenges in workload. while the requests vary from irritating to potentially very costly, it is not all bad news – the GDPR gives more opportunity to limit the scope of requests than its predecessor, the UK’s implementation of the EU Data Protection Directive.
Stand and deliver: Use and misuse of subjects’ rights was the topic of a roundtable at PL&B’s 32 Annual International Conference in Cambridge. Vivienne Artz, Chief Privacy Officer at financial markets information provider Refinitiv, said that the GDPR’s removal of fees for requests, together with increased awareness of data rights has sparked a widespread increase in DSARs. A straw-poll among the roundtable participants confirmed an across-the-board rise in subject access requests. A five or six percent increase was common, but some businesses had seen a 30 per cent increase. Co-leader of the roundtable, Esther Watt, Data Protection Officer at North Kesteven District Council noted a small increase in DSARs, but these requests were still outweighed by Freedom of Information applications and requests under the Environmental Information regulations.