In the final part of our four-part series, Aiimi Senior Product Designer Tom Rankin explains how to package up consistent Data Subject Access Request responses to avoid costly complaints and time-sapping audits.

Established to uphold information rights in the public interest, promote openness by public bodies, and data privacy for individuals, the Information Commissioner’s Office (ICO) not only promotes best-practice data protection, but also guides data subjects on exactly what to expect from their DSAR response – and how to complain if it’s not up to spec. So, carefully packaging up every single DSAR response to avoid costly and time-sensitive objections and audits is another key consideration for compliance.

Processing consistent DSARs with uniform supporting documentation

Detailing exactly what data you hold, where that data came from, why it’s being held, how it’s being used, who you’re sharing it with (if third-party, what security measures were taken), and how long it will be stored, alongside all decisions made by all team members throughout the end-to-end DSAR process, is no mean feat. And lest we forget, it’s also best-practice to inform each data subject how to challenge the accuracy of your response, object to your use of their data, and request its removal. Processing all your DSAR responses to include all these components in an unwaveringly uniform format, alongside policies and procedures specific to each data subject type (i.e., customer, employee, client), makes for an even more daunting task, so what’s the best way to get started?

Through our research with compliance teams, we found that organisations want to look to automation when it comes to ensuring that supporting documentation, accompanying their disclosed data, is consistently applied. And there are three main data subject considerations when it comes to applying relevant supporting ICO-specified documentation:

  1. All data subject types across the organisation: universal policies might include recommendations on how to complain to the ICO, or any aspect of the process that’s applicable to everyone. These are appended to every single DSAR response, regardless.
  2. Specific data subject types: distinct subject-specific policies (e.g., for an employee or a customer) need to be appended to every DSAR response that uses that template. This documentation might include information on how and why this type of personal data is being processed.
  3. Distinct data subjects: expanding on a templated letter covering all areas that need answering, a tailored covering letter needs to be appended to every DSAR response. This is designed to speed up the creation of a more personalised, tailored response. For example, it might detail how many documents have been discovered on the data subject and how many instances have been redacted.

Automated DSAR tools for a straightforward response

During our discussions, we also uncovered an added shared challenge: how do you ensure that all relevant data subject request data and ICO-specified information are successfully shared directly with the data subject? Well, to make this as straightforward as possible, within the Aiimi Insight Engine, we’ve:

  • automated knowledge sharing across your teams with our search and discovery tools
  • automated tagging of all personal and sensitive data across your enterprise to simplify redaction
  • created the capacity to compile DSAR collections from our DSAR dashboard
  • built in the ability to assign files to a specific user to steer timely and specific second-stage reviews
  • designed processing checklists to guide a consistent response throughout the process
  • automated data marked for disclosure, alongside templated T&Cs tailored to each data subject type, to be added to your DSAR collection
  • automated removal of all redacted data from your DSAR response when your DSAR processor hits ‘complete’
  • automated packaging of your complete DSAR response into one single PDF that can be emailed directly to your data subject

[Diagram: how any organisation responding to a DSAR must compile information and policy documentation that meets ICO guidelines. Using the Aiimi Insight Engine, compliance teams can access templated documentation for different data subject types, redact all third-party data, add supporting documentation, and package up their response for disclosure.]

Benefits of using the Aiimi Insight Engine for end-to-end DSAR processing

All these tools and measures are designed to improve your entire end-to-end DSAR processing experience for all key players involved. Your compliance managers are assured that every response contains consistent, up-to-date documentation, while your DSAR processors can quickly create tailored covering letters contextualising all decisions made for that particular DSAR. Your compliance team can sit back safely in the knowledge that all the latest required documentation is readily available by default.

Ultimately, your data subject receives a fully comprehensive, packaged-up response that covers all bases, mitigating risk of follow-up queries or complaints. And, should there be an investigation, your organisation can direct any enquiries back to the respective DSAR collection, where all supporting documentation, redactions, and decision-making are instantly available to demonstrate your completely consistent and compliant DSAR processing operations.

In summary, the Aiimi Insight Engine helps organisations like yours process high numbers of DSAR requests with complete auditable assurance, while significantly reducing impacts on your precious human resources and supporting your valued reputation. Not one to rest on our laurels, Aiimi endeavours to explore even more new ways to support your DSAR processing with new automated tools that will enable your organisation to work at scale and stay aligned. Sign up to our Aiimi Insights Newsletter to keep your ear to the ground!

Ready for a DSAR solution that automates your discovery, redaction, and disclosure processes? Book your 30-min demo to see the Aiimi Insight Engine in action.
