In the second of our four-part series, Aiimi Senior Product Designer Tom Rankin explains how to use DSAR collections, checklists, and collaborative tools to swiftly search and discover all your data for fully automated Data Subject Access Request processing.

For your compliance teams, discovering sensitive personal data, and tracking and disclosing it quickly and seamlessly, is crucial to turnaround the immense number of DSARs your organisation receives within the allotted timeline – if you’re to avoid audits and hefty fines. At Aiimi, we appreciate this process is complex – and that’s exactly why we’ve developed a whole host of automated search and discovery solutions to meet the needs of all your data subject types. Together, they’ll simplify and speed up your entire end-to-end DSAR process.

DSAR automation and collaboration – sharing knowledge across your teams

Discovering, extracting, and collating privacy data to deal with every single DSAR comes with a whole raft of trials and tribulations. For starters, your unstructured and structured data (e.g., documents, spreadsheets, PDFs, CSV files, CRM records, emails, invoices, and texts) may well be scattered across diverse source systems. This can make it not only tricky but also time-consuming when it comes to locating all your relevant and related records for each request.

Added to this, if information associated with one data subject type, such as your customers, is stored in one repository, where it fulfils myriad business functions, while information for another data subject type, like your employees, is held elsewhere, you’ll run into trouble when your most appropriate request processor for that data subject type is absent, on leave, unable to support the team because of a departmental shift, or has even left your company. Your back up request processor may well be unfamiliar with the nuances of that specific data subject type – and not up to speed on the exact system or repository to search, or the specific search terms and phrases to use. Whichever way you slice it, finding and collecting sensitive personal data takes time, and details that may be scrutinised further down the line can easily be overlooked if your request processors don’t where to look or how best to carry out searches.

To deal with these scenarios, we developed the Aiimi Insight Engine to automate and streamline search and discovery with pre-configured search settings. These features are designed to enhance collaboration across your DSAR teams and bridge any knowledge gaps whenever someone, like your request processor, happens to be absent – leaving no stone unturned.

DSAR collections and pre-configurations – getting your team started

With the flood of DSARs rolling in each month, making sure your entire team can keep track of the processing status for each request – while sharing up-to-date guidelines so they can stay on top of any legal changes that may occur – is crucial. This is where a platform with dedicated compliance tools can really help. So, let’s start at the beginning, with a quick run through of how to begin a new DSAR response using our Aiimi Insight Engine’s DSAR Dashboard. As soon as you’ve created your new DSAR response, you can easily share it to collaborate with your colleagues – and insert relevant search terms to populate your files.

It’s important to note that when your request processor starts work on a new DSAR request, getting everything together in one place as a single source of truth is key. The ability to create a specific DSAR collection of files straight from your DSAR Dashboard addresses this head on. It serves as a ‘case management system’ of sorts. Here, you can select from a range of pre-configured search settings, which act as starting points. Now your request processors can more easily discover the personal data they need, speeding up the complete process of fulfilling a DSAR on time while tackling the challenge of maintaining a consistent ICO-determined response.

These settings include:

  1. Search terms covering naming conventions used within the business for specific data subject types.
  2. File locations, such as in SharePoint or Workday, plus any sources not crawled by the Aiimi Insight Engine and offline sources like paper documents.
  3. Personally identifiable information (PII), such as addresses, emails, marital status, or gender, for automated searches on a specific entity.

By pre-configuring your search and discovery, your request processors can more easily discover, review, and share information for all your diverse data subject types. Specific guidelines, policies, and procedures are also included for context and compliance to secure compliance, which is especially useful for any of your request processors who are not up to speed on that specific data subject type. Overall, using DSAR collections will foster knowledge sharing and collaboration across your processing teams and power highly relevant automated searches. In doing so, you’ll be able to simplify and speed up your responses, ready for second-stage reviews and redactions later in the process.

DSAR processing checklists and safeguards – making sure nothing gets missed

We’re all fallible and prone to human error, which is why our DSAR Dashboard features a handy processing checklist. Outlining a step-by-step list of activities that request processors need to perform, it helps DSARs stay on track. Your teams can even add relevant links and create instructions for offline and paper repository searches. This will ensure that your team conduct all the correct searches online and offline, so nothing gets accidentally missed. Your request processors can also check off this list for the benefit of other DSAR collection users, sharing a complete oversight of progress. Should one of your DSARs be reassigned, the succeeding request processor will know exactly where to pick up the process, reducing queries, repetition, and duplication, ultimately saving time for a faster team response. Our configuration tools also offer safeguarding features, such as:

  • Recommended second-stage response reviewers. The Aiimi Insight Engine suggests the most suitable expert second-stage reviewer to vet your DSAR responses before they’re shared with the data request subject to ensure security and compliance.
  • Recommended data owners, in case your request processors need access permissions for secure areas or offline paper documents.
  • Editable supporting documentation, such as covering letters, your organisation’s policies specific to that data subject type, and your universal policies for all data subject types.
Steps a Request Processor can take to fulfil a DSAR - from using pre-configured search settings to gather personal data, using a processing checklist, attaching supporting documentation, and working with a recommended second-stage reviewer or data owner.

Automating knowledge sharingadding value to your business

The beauty of automated knowledge sharing is that everyone on your DSAR processing team is readily equipped to deliver a consistent end-to-end approach for every data type and request. By replacing complicated and inefficient manual processes prone to human error with an intuitive, automated, and more centralised system, our Aiimi Insight Engine’s DSAR solution makes life far easier for your compliance and human resource teams. Preparing multiple DSAR responses for disclosure, alongside the latest policies and procedures, is invaluable when you’re inundated with a sudden influx of requests within a short turnaround time.

At the end of the day, or month if we’re talking DSARs, automating knowledge sharing across your organisation with collections, checklists, and pre-configurations will empower you to process secure, complete, and compliant DSARs on time, every time, reducing the probability of data subject complaints or ICO audits at a later date.

Ready for a DSAR solution that automates your discovery, redaction, and disclosure processes? Book your 30-min demo to see the Aiimi Insight Engine in action.

Automate your DSARs end-to-end with the Aiimi Insight Engine. Book your 30-min demo.