A recent analysis from Exonar, a data indexing company based in the UK, shows that 19% of all General Data Protection Regulation (“GDPR”) fines have been levied due to unlawful us of personally identifiable information and failure to timely or adequately comply with data subject access requests (“DSARs”).
What Is A Data Subject Request?
Global data regulations like GDPR and CCPA enumerate certain rights for individuals, one of which requires companies to provide access to the data collected on individuals by facilitating DSARs. DSAR category types vary by jurisdiction, and empower individuals to understand and manage what information is being collected from them. Regarding GDPR, the types of requests that can be made include:
- Access
- Rectification
- Erasure
- Withdraw consent
- Restrict processing
- Data portability
- Object
Generally, organizations have thirty (30) days to respond to a DSAR after receipt, however this deadline can be extended to ninety (90) days based on the complexity of the request. Other data privacy laws differ in their allowable DSARs and timelines, so companies need to familiarize themselves with what type of request each jurisdiction requires, the length of deadlines for response, and the financial penalties for failing to respond in a timely fashion (to help, we’ve compiled a helpful chart outlining the rules for major data privacy laws across the globe).
Why Are Companies Getting Fined?
Companies are getting fined for a number of reasons, including the fact that they either:
- Aren’t providing individuals with a method to make these requests;
- Aren’t timely responding to requests; or
- Are managing DSARs through emails and Microsoft Office or similar software that is neither timestamped nor scalable
DSAR requests have…
IAB Europe’s advertising bidding model uses personal data, EU court rules
After clarification from Luxembourg, the Belgian Court of Appeal will now rule on the case…
Schrems II Judgment Day
The Court of Justice of the European Union (“CJEU“) issued its judgment today in …
