Regulators around the globe are coming out with increasingly stringent laws. Products that help companies service these Data Subject Requests (DSRs) have flooded the market. Ironically, the DSR products that several companies are considering investing heavily in to comply with these new laws are putting them at significant risk. Here’s why.
There are two critical parts to fulfilling DSRs:
1. Workflow
This entails receiving requests, verifying the identity of the requester or subject, delegating sub-tasks to different people in the organization, and delivering results to the person who made the request.
2. Locating the Data
This equally, if not more important aspect of fulfilling a DSR is where the current DSR products fall short. Fulfilling a DSR is about actually finding the subject’s data accurately in your data ecosystem across structured and unstructured data and hundreds of data sources
The Workflow aspect is relatively straightforward, and most DSR products in the market can do an okay job of it. Unfortunately, when it comes to the critical second portion — having accurate, relevant, and up-to-date data — these products, including those from some well-known brands, leave you holding the bag and shouldering significant compliance risk. How big a problem is this data bag that you are left holding? If you can answer these two straightforward questions, you have nothing to worry about.
Bear in mind that this data can be anywhere in your databases, warehouses, S3 buckets, or shared drives. And yes, even those pictures of identity documents such as passports or driving licenses innocuously sitting across your shared drives.
If your answer, like that of most people, is a ‘no,’ you have a DSR problem. Simply put, you can only fulfill DSRs if you know where your subject data is. And that DSR tool you're considering buying will not help you. It does only half the job: the workflow. Because in addition to helping you manage the request, your DSR product should also be able to discover and map your sensitive data across your entire data ecosystem and accurately locate an individual's data in response to a subject request. Without a discovery-driven DSR solution such as Divebell, you are leaving a lot to chance when it comes to your compliance obligations.
Ask your DSR vendor if their product can automatically locate a picture of a subject's driving license in a Windows shared drive as well as their personal information in your Snowflake warehouse. And when they say no, send us a quick email at info@divebell.com. We offer the only true end-to-end DSR solution in the market.
Any opinions expressed here and statements made are not legal advice, nor representations or warranties, and are intended to promote discussion around technology and data protection.