Knowledge sharing across your compliance and HR teams is key to supplying a speedy DSAR response to your subject access requests. Aiimi Senior Product Designer Tom Rankin explains how to use DSAR collections, checklists, and collaborative tools to swiftly search and discover all your personal data for fully automated Data Subject Access Request processing.

Discovering personal data, and tracking and disclosing it quickly and seamlessly, is crucial to turnaround the immense number of DSARs your organisation receives within the Information Commissioner's Office (ICO) one-month alloted timeline – if you’re to avoid audits and hefty fines.

At Aiimi, we appreciate the right to access process is complex. That’s why we’ve developed a whole host of automated data discovery tools and collaborative features to help your teams carry out all your different data subject request types. Cleverly combined in one neat package, our DSAR Solution will simplify and speed up your entire end-to-end process.

DSAR automation and collaboration – sharing knowledge across your teams

Discovering, extracting, and collating personal data to deal with every single data access subject request comes with a whole raft of trials and tribulations. For starters, your unstructured and structured data (e.g., documents, spreadsheets, PDFs, CSV files, CRM records, emails, invoices, and texts) may well be scattered across diverse source systems. This can make it not only tricky but also time-consuming when it comes to locating all your relevant and related records for each subject access data request.

Added to this, if information associated with one data subject type, such as your customers, is stored in one repository, where it fulfils myriad business functions, while information for another data subject type, like your employees, is held elsewhere, you’ll run into trouble when your most appropriate request processor for that data subject type is absent, on leave, unable to support the team because of a departmental shift, or has even left your company. Your back up subject data access request processor may well be unfamiliar with the nuances of that specific data subject type – and not up to speed on the exact system or repository to search, or the specific search terms and phrases to use.

Whichever way you slice it, finding and collecting sensitive personal data takes time, and details that may be scrutinised further down the line can easily be overlooked if your request processors don’t where to look or how best to carry out searches using best-practice data subject access request software.

To deal with these scenarios, we developed the Aiimi Insight Engine to automate and streamline search and discovery with pre-configured search settings. These features are designed to enhance collaboration across your DSAR teams and bridge any knowledge gaps whenever someone, like your request processor, happens to be absent – leaving no stone unturned.

DSAR collections and pre-configurations – getting your team started

With the flood of DSARs rolling in each month, making sure your entire team can keep track of the processing status for each request – while sharing up-to-date guidelines so they can stay on top of any legal changes that may occur – is crucial. This is where a platform with dedicated Data Privacy & Compliance tools can really help.

So, let’s start at the beginning, with a quick run through of how to begin a new response using the handy visual dashboard purpose-built for our DSAR software solution. As soon as you’ve created your new DSAR response, you can easily share it to collaborate with your colleagues – and insert relevant search terms to populate your files.

It’s important to note that when your request processor starts work on a new DSAR request, getting everything together in one place as a single source of truth is key. The ability to create a specific DSAR collection of files straight from your DSAR dashboard addresses this head on. It serves as a ‘case management system’ of sorts.

Here, you can select from a range of pre-configured search settings, which act as starting points. Now your request processors can more easily discover the personal data they need, speeding up the complete process of fulfilling a DSAR request on time while tackling the challenge of maintaining a consistent ICO-determined response.

These settings include:

  1. Search terms covering naming conventions used within the business for specific data subject types.
  2. File locations, such as in SharePoint or Workday, plus any sources not crawled by the Aiimi Insight Engine and offline sources like paper documents.
  3. Personally identifiable information (PII), such as addresses, emails, marital status, or gender, for automated searches on a specific entity.

By pre-configuring your search and discovery, your request processors can more easily discover, review, and share information for all your diverse data subject types. Specific guidelines, policies, and procedures are also included for context and compliance to secure compliance, which is especially useful for any of your request processors who are not up to speed on that specific data subject type.

Overall, using DSAR collections will foster knowledge sharing and collaboration across your processing teams and power highly relevant automated searches. In doing so, you’ll be able to simplify and speed up your responses, ready for second-stage reviews and redactions later in the process.

DSAR processing checklists and safeguards – making sure nothing gets missed

We’re all fallible and prone to human error, which is why our DSAR dashboard features a handy processing checklist. Outlining a step-by-step list of activities that request processors need to perform, it makes sure that DSAR requests stay on track. Your teams can even add relevant links and create instructions for offline and paper repository searches. This will ensure that your team conducts all the correct searches online and offline, so nothing gets accidentally missed.

Your request processors can also check off this list for the benefit of other DSAR collection users, sharing a complete oversight of progress. Should one of your DSAR requests be reassigned, the succeeding request processor will know exactly where to pick up the process, reducing queries, repetition, and duplication, ultimately saving time for a faster team response. Our configuration tools also offer safeguarding features:

  • Recommended second-stage response reviewers are suggested via our DSAR tools, so you can easily find your most suitable expert second-stage reviewer to vet your DSAR responses before they’re shared with the data request subject for security and compliance.
  • Recommended data owners, in case your request processors need access permissions for secure areas or offline paper documents.
  • Editable supporting documentation, such as covering letters, your organisation’s policies specific to that data subject type, and your universal policies for all data subject types.
Steps a Request Processor can take to fulfil a DSAR - from using pre-configured search settings to gather personal data, using a processing checklist, attaching supporting documentation, and working with a recommended second-stage reviewer or data owner.

Automating knowledge sharingadding value to your business

The beauty of automated knowledge sharing is that everyone on your DSAR processing team is readily equipped to deliver a consistent end-to-end approach for every data type and request. By replacing complicated and inefficient manual processes prone to human error with an intuitive, automated, and more centralised system, our data subject access request solution makes life far easier for your compliance and human resource teams.

Preparing multiple DSAR responses for disclosure, alongside the latest policies and procedures, is invaluable when you’re inundated with a sudden influx of requests within a short turnaround time.

At the end of the day, or month if we’re talking DSARs, automating knowledge sharing across your organisation with collections, checklists, and pre-configurations will empower you to process secure, complete, and compliant DSAR requests on time, every time, reducing the probability of data subject complaints or ICO audits at a later date.

Ready for a DSAR Solution that automates your discovery, redaction, and disclosure processes? Book your 30-min demo to see the Aiimi Insight Engine in action.

Automate your DSARs end-to-end with the Aiimi Insight Engine. Book your 30-min demo.