A Subject Access Request Assistant built on BRYTER helps to process requests regarding an individual’s personal data in a fast, transparent and efficient way – ensuring compliance with GDPR. It replaces the existing manual process and ensures that the individual making the request provides all the necessary information and the request is sent to the correct business unit. A Subject Access Request Assistant enables organizations to easily gather all the information necessary to verify a person’s identity, find their data and records on their systems, and respond to a request within the statutory timeframe. All requests are documented in a full audit trail. In addition, a report and dashboard can be generated to monitor and visualize key factors such as number of requests and types of data requested.
Under the EU General Data Protection Regulation (GDPR), companies are obliged to provide individuals with their personal data upon request. These requests must be complied with within one calendar month and companies often cannot charge a fee to cover the administrative costs of complying with a request.
It is therefore imperative that companies set up an effective process for accepting Subject Access Requests to ensure compliance whilst minimizing administrative burden. Recital 59 of the GDPR recommends that organizations “provide means for requests to be made electronically, especially where personal data is processed by electronic means”.
With BRYTER, you can build a tool which uses predefined sophisticated logic to collect all relevant information to comply with a Subject Access Request. The individual making a request is guided through an interactive questionnaire, where they can provide all the necessary information including, uploading documentation, such as proof of identity, to allow the business to easily and effectively comply with the request. The collected information can then be used to produce a complete document which can be sent via e-mail directly to the Data Protection Officer or any other colleague processing these requests.
How it works
Through a customizable, user-friendly and interactive questionnaire, all relevant data is collected and processed. Organizations can specify their own logic to determine the relevant questions to ask individuals and submit requests to the correct business unit.
Process the request
The completed Subject Access Request can be intertwined with other processes (email, approvals, etc.) and document generation to streamline request responses.
A dashboard helps to track and drive management information, response timelines and document all requests. This helps organizations to comply with GDPR and drive continuous improvement in the process of doing so.