Packaging up consistent responses to data subject access requests is central to good customer service when it comes to your customer and employee DSARs. Aiimi Senior Product Designer Tom Rankin explains how DSAR software automates this process, so you can stay compliant, avoid costly complaints, and steer clear of time-sapping audits.

Established to uphold information rights in the public interest, and to promote openness by public bodies and data privacy for individuals, the Information Commissioner’s Office (ICO) not only promotes best-practice data protection, but also guides data subjects on exactly what to expect from their DSAR request and response – and how to complain if it’s not up to spec.

This makes carefully packaging up every single DSAR response, to avoid costly and time-sensitive objections and audits, another key consideration for data privacy and compliance. Given the cost implications of DSAR requests, completing the end-to-end subject access request cycle is just as important as getting the DSAR process underway.

Processing consistent DSARs with uniform supporting documentation

Detailing exactly what structured and unstructured data you hold, where that data came from, why it’s being held, how it’s being used, who you’re sharing it with (and, for third-party data, what security measures were taken), and how long it will be stored, alongside every decision made by all team members throughout the end-to-end DSAR process, is no mean feat. And lest we forget, it’s also best practice to inform each data subject how to challenge the accuracy of your response, object to your use of their data, and request its removal.

Processing all your DSAR responses to include all these components in an unwaveringly uniform format, alongside policies and procedures specific to each data subject type (e.g., customer, employee, client), makes for an even more daunting task. So what’s the best way to get started?

Our research with DSAR compliance teams shows that organisations are looking to DSAR automation to ensure that all supporting documentation accompanying disclosed data is consistently applied. When it comes to applying relevant supporting ICO-specified documentation, there are three key considerations, depending on the type of data subject access request:

  1. All: universal policies might include recommendations on how to complain to the ICO or about any aspect of the process that's applicable to everyone. This supporting documentation needs to be appended to every single DSAR response, regardless.
  2. Specific: distinct subject-specific policies (e.g., customer or employee DSAR) need to be appended to every DSAR response based on that template. This supporting documentation might include information on how and why this type of personal data is being processed.
  3. Distinct: expanding on a templated letter covering all areas that need answering, a tailored covering letter needs to be appended to every DSAR response. This is designed to speed up the creation of a more personalised, tailored response. For example, it might detail how many documents have been discovered on the data subject and how many instances have been redacted.

Automated data subject access request software delivers straightforward responses

During our discussions, we also uncovered an added shared challenge: how do you ensure that all relevant data subject request data and ICO-specified information are successfully shared directly with the data subject?

Well, to make this as speedy and straightforward as possible, our Aiimi Insight Engine has been purpose-built with a wide range of practical DSAR Solution tools in mind for a complete end-to-end privacy and compliance journey. Here's how:

  • Search and discovery tools automate knowledge sharing across your teams.
  • All personal data and sensitive information spread across your enterprise is automatically tagged to simplify redaction.
  • Files can be assigned to specific users to steer timely and specific second-stage DSAR reviews.
  • DSAR checklists guide a consistent response throughout the process.
  • DSAR collections can be easily compiled from our DSAR dashboard.
  • Data marked for disclosure and templated T&Cs tailored to each data subject type are automatically added to your DSAR collection.
  • All redacted data is automatically removed from your DSAR response as soon as your DSAR processor hits ‘complete’.
  • Your DSAR response, privacy policies, and covering letters are packaged up.
  • Your completed DSAR collection is disclosed via our online Disclosure Portal for a safe, secure, and seamless user experience. Two separate emails are delivered directly to the data subject: the first contains a unique URL link to their DSAR collection, and the second contains a unique password securing exclusive access. The data subject now has sole access to their downloadable DSAR collection, without exposing your organisation to any risky behaviour. The portal also records exactly who’s disclosed the response – and who’s accessed the disclosure via the URL and password – for an auditable trail. It also logs out data subjects after 15 minutes of inactivity and erases all disclosures 30 days after issue to reduce the risk of an accidental data breach.

Diagram showing how any organisation responding to a DSAR must compile information and policy documentation that meets ICO guidelines. Using the Aiimi Insight Engine, compliance teams can access templated documentation for different data subject types, redact all third-party data, add supporting documentation, and package up their response for disclosure.

Benefits of using the Aiimi Insight Engine for end-to-end DSAR processing

All these DSAR tools and measures are designed to improve your entire end-to-end subject access request processing experience for all key players involved. Your compliance managers are assured that every response contains consistent, up-to-date documentation, while your DSAR request processors can quickly create tailored covering letters contextualising all decisions made for that particular DSAR.

Your DSAR compliance team can sit back, whether they’re working in the office or remotely, safe in the knowledge that all the latest required supporting DSAR documentation is readily available by default.

Ultimately, your data subject receives a fully comprehensive, packaged-up DSAR response that covers all bases, mitigating the risk of follow-up queries or complaints. And, should there be an investigation, your organisation can direct any enquiries back to the respective DSAR collection, where all supporting documentation, redactions, and decision-making are instantly available to demonstrate your completely consistent and compliant DSAR processing operations.

In summary, the Aiimi Insight Engine’s DSAR Solution helps organisations like yours process high numbers of subject access data requests with complete auditable assurance, while significantly reducing impacts on your precious human resources and supporting your valued reputation.

Not one to rest on our laurels, Aiimi endeavours to explore even more new ways to support your DSAR processing with new automated data subject access request solutions designed to enable your organisation to stay aligned and work at scale.

Ready for a DSAR Solution that automates your discovery, redaction, and disclosure processes? Book your 30-min demo to see the Aiimi Insight Engine in action.
