The Subject Access Request Assistant helps companies save costs and time spent in responding to requests regarding personal data from individuals. The tool ensures companies comply with GDPR in an effective and standardized manner.
A Subject Access Request Assistant built on BRYTER helps to process requests regarding an individual’s personal data in a fast, transparent and efficient way – ensuring compliance with GDPR. It replaces the existing manual process and ensures that the individual making the request provides all the necessary information and the request is sent to the correct business unit. A Subject Access Request Assistant enables organizations to easily gather all the information necessary to verify a person’s identity, find their data and records on their systems, and respond to a request within the statutory timeframe. All requests are documented in a full audit trail. In addition, a report and dashboard can be generated to monitor and visualize key factors such as number of requests and types of data requested.
Under the EU General Data Protection Regulation (GDPR), companies are obliged to provide individuals with their personal data upon request. These requests must be complied with within one calendar month and companies often cannot charge a fee to cover the administrative costs of complying with a request.
It is therefore imperative that companies set up an effective process for accepting Subject Access Requests to ensure compliance whilst minimizing administrative burden. Recital 59 of the GDPR recommends that organizations “provide means for requests to be made electronically, especially where personal data is processed by electronic means”.
With BRYTER, you can build a tool which uses predefined sophisticated logic to collect all relevant information to comply with a Subject Access Request. The individual making a request is guided through an interactive questionnaire, where they can provide all the necessary information including, uploading documentation, such as proof of identity, to allow the business to easily and effectively comply with the request. The collected information can then be used to produce a complete document which can be sent via e-mail directly to the Data Protection Officer or any other colleague processing these requests.
Automated & standardized
The Subject Access Request Assistant allows companies to ensure that all submitted requests are consistent and complete using sophisticated logic to determine the relevant information to be collected. This ensures consistency in approach and with documentation.
The Subject Access Request Assistant enables organizations to quickly and efficiently deal with all the necessary steps involved in handling a Subject Access Request. With a strict obligation to respond to a request within one calendar month, using BRYTER to ensure all necessary information is collected can easily save time and administrative burden.
Centralized audit trail
Within the Subject Access Request Assistant, all relevant steps, actions and requests are tracked and documented in a centralized audit trail. This helps to prove and document compliant behavior.
The Subject Access Request Assistant can easily be integrated into a company’s existing IT infrastructure.
Every application built on BRYTER is customizable. The Subject Access Request Assistant may reflect your organization’s unique policies, processes and risk treatments. The unique BRYTER platform gives unparalleled opportunities for customization.
How it works
Through a customizable, user-friendly and interactive questionnaire, all relevant data is collected and processed. Organizations can specify their own logic to determine the relevant questions to ask individuals and submit requests to the correct business unit.
Process the request
The completed Subject Access Request can be intertwined with other processes (email, approvals, etc.) and document generation to streamline request responses.
A dashboard helps to track and drive management information, response timelines and document all requests. This helps organizations to comply with GDPR and drive continuous improvement in the process of doing so.