Data Protection Expert Hours: Rapid Response
The GDPR demands that some data protection situations need a rapid response. And, there are timescales to be obeyed; failure to comply with these compounds the impact (and the potential penalties).
Getting expert help, fast, and in plain language, will make the situation easier for you to resolve. That’s why we’re here.
Organisations dread this happening to them. If it does happen, you have just 72 hours to assess the severity of that breach and to determine whether or not you need to report it to the Information Commissioner’s Office
What can we help you with?
- Assessing the severity of the breach
- Determining whether or not a report to the ICO is necessary
- Recording the appropriate information to support a non-reporting decision in case of future challenge
- Communications to affected individuals, as well as others who might be concerned (your staff suppliers, clients/customers, for instance)
Data Subject Access Requests
Of the Individual Rights enshrined in the GDPR, this is by far the most commonly used. And, it’s usually the first step in a chain of events when other Rights are also likely to be used.
In almost all cases, you have only 30 days to respond, in full. And some DSARs can require hundreds if not thousands of documents to be tracked down, redacted and then provided to the individual (the ‘Data Subject’).
What can we help you with?
- Assessing whether or not you have received a DSAR
- Advice on timelines and whether you need to verify the individual’s identity
- Advice on what should / shouldn’t be included in the response
- Advice on redaction decisions
- Guiding you through the process of responding
- Providing the correct supplementary information in the response
- Providing a secure data sharing vault to send data to the individual, securely
- Advice on next steps if other Individual Rights have been mentioned
- Provide plain language guidance notes and a checklist make the process manageable
Dealing with Individual Rights
Individuals have a number of Rights under data protection law, and when they choose to use them, the organisation often has just one calendar month to respond.
Without a process in place, panic has probably set in or there’s a temptation to ignore the request or to try to make it go away somehow.
Even with a process in place, it can feel overwhelming for the teams responsible for handling data breaches, DSARs and the other Individual Rights to fit in alongside their everyday responsibilities.
Having an expert on the end of the phone and guiding you through can help reduce panic, focus attention and guide you through the process of dealing with either scenario.