If your organisation is getting more GDPR Data Subject Access Requests (DSARs) than normal, then you’re not alone.
(So, don’t panic that something untoward has happened in your organisation which would warrant the rise!)
A body which represents UK data protection officers has reported that there’s been a 66% increase in the average number of DSARs received.
Or to give that context, that’s a jump from 10.85 in the first quarter of last year to 18.04 in the latest findings.
The UK Data Protection Index, which conducted the panel, has found that as a result, data protection is now being brought to the fore – with over three quarters of respondents giving a score of six or higher for precedence in the organisation.
So, what’s fuelling the rise in Subject Access Requests? We think it could be down to three important factors:
We are now more data aware
We are becoming more clued up when it comes to our personal data. When GDPR came into force a few years ago, it really did make us sit up and take stock. We care more than ever about our information, even to the point where we get angry if we think companies are “listening to us” (even if adverts really just have been tailored from our internet searches!) People now want to know what personal information is being held on them– and know that they are perfectly entitled to find out.
There are more redundancies due to Coronavirus
Many organisations have been impacted by Covid-19 and have had to make the very difficult decision to make some employees redundant. For people who have found themselves out of work, they will have many unanswered questions. Why me? What was the rationale? People are entitled to make a DSAR to find out what information their former employer holds on them, such as email conversations. There could be a spike in DSARS as ex-employees look to review the redundancy process.
We are spending more time at home
It’s fair to say we have a bit more time on our hands than this time last year! With most of us restricted to our homes and working from home, it’s normal that we might get round to things we’ve been putting off or haven’t had much time to do before. (Anyone else taken up DIY?) As lockdown continues for another few months, will this upward trend continue?
Organisations need to ensure they have the correct data management procedures in place to help them find and access all the information required for Data Subject Access Requests.
These include information which has been indexed and so is searchable, data which has been governed with appropriate retention and disposal policies so it is deleted when it needs to be, and the ability to analyse the difficult unstructured info such as emails and Word documents at pace.
So, is your organisation ready for a potential Data Subject Access Request surge?
For more information on how your organisation can take control of its data for GDPR Subject Access Requests, contact our team at email@example.com