Handling of GDPR (DSAR) notifications
EU regulation on personal data protection – GDPR – imposes on the entities processing personal data a series of new responsibilities. Personal data administrators should assure its realization in respect of the persons to which data pertains.
The execution of the right of data entities such as the right of access, the right to correct data, the right to be forgotten, the right to limit the processing of data or transfer of data is additionally secured by rigorous deadlines. In case of large volumes of data exceeding 1 million records this task seems a bit complicated.
A complex and multistage business process was developed, which engages all required resources in an organization in order to respond to all requests of the entities. The process was in a big part automated.
Organization effectively responds to the requests of the entities despite a relatively great number of notifications. In the first weeks after the adoption of the regulation, a timely handling of about 2 thousand notifications was not a problem.