GDPR Subject Access Request: authentication cannot be an afterthought
As the deadline approached last year, companies scrambled to update their data protection practices. As it happened, some companies did get fined for non-compliance. Following a long period of adjustment, however, GDPR requirements have become normalised into existing compliance programs.
What many companies were ill-prepared for was the onslaught of consumers exercising their rights under the new regime. Under GDPR, a consumer can file a Subject Access Request (SAR) with an organisation to determine if that organisation is processing personal data concerning him or her, and, if the information has been shared, along with the names of the parties with which it has been shared.
In fact, these are only but a few of the searching questions that the user, as the data subject, can demand answers to. Further, once the SAR has been dispatched to the organisation, it is legally obligated to comply with the request, retrieve the information, and formally respond to the data subject – all within a month.
- Satya Nadella calls for global GDPR
- Majority of companies still aren’t GDPR-compliant
- The ramifications of GDPR
Subject Access Request
SARs hav
Be the first to write a comment.
