A 6-STEP-GUIDE TO RESPONDING TO DATA SUBJECT ACCESS REQUESTS

With GDPR, organizations had to change the way they collect and process customer data. Customers gained a variety of new rights regarding their personal information and one of those rights is the right to access.

This means that companies had to become much more transparent when it comes to data handling and customers became entitled to know exactly what personal information companies have on them and how they use that information.

To get this information, they need to submit a data subject access request.

Let’s see what every company should know about data subject access requests and how to respond to them in order to stay compliant with data privacy regulations.

 

What is a Data Subject Access Request?

A Data Subject Access Request (DSAR) can be submitted by anyone who wants to know which personal data you have on them and you’re obligated to provide them with a copy of that data.

These requests usually ask for a complete list of all personal data you have on the subject, but sometimes the subject will request only the specific information. Either way, you are required to provide all the information they ask for.

Here’s a list of requests you might encounter from subjects:

  • Information on whether you collect and process their personal data;
  • Legal basis for collecting and processing their data;
  • Information about the source of data and how it was acquired;
  • Information about how long you’ll store their data;
  • The names of any third parties you share their information with;
  • Request to gain access to their personal data.

Subjects need no particular reason to submit a DSAR. They can request to access their data at any point. You can only ask them questions that help you verify their identity and help them locate the requested data.

You should respond to these requests as soon as possible and without any delays. Generally, you should be able to respond within one month, but if their request is too complex or you have too many of them at the same time, you may get a deadline extension. You will however still have to provide information about the delay within the first month.

 

The Challenges of Responding to a DSAR

Most companies have experienced massive growth in data collection over the last decade. However, not every organization pays close attention to data management. Without centralized and well-organized data storage, it can be challenging to gather all data on the requester, especially on a tight deadline.

Customer data is everywhere from your CRM software to your email servers. It can be challenging to find all the subject’s information if it’s scattered around.

Moreover, personal data needs to be protected from tampering and kept in secure storage in order to avoid data breaches and malicious (or even accidental) attempts at changing sensitive information.

To overcome these challenges, you should rely on tools that will help you store your data safely and easily access it whenever possible.

For instance, a single email can contain tons of personal information that may be part of a DSAR. However, most companies don’t keep emails in their inboxes but instead opt for email archiving solutions that help them keep sensitive data secure, tamper-proof, and readily searchable.

These solutions will help you remain compliant not only by making responding to data subject access requests easy and efficient but also by creating custom email retention policies and limiting access to certain data.

Make sure that you have the right tools before you receive DSARs as they will allow you to greet them prepared and respond in a timely manner without any issues.

 

Responding to a DSAR: a step-by-step guide

When it comes to handling a DSAR, there is no strict, formal process in place. However, there are some steps you can follow that will help you respond to a DSAR seamlessly.

1. Verify the Subject’s Identity

First, you should verify the identity of the person who submitted the request. This is a necessary step in order to determine whether you even have the information the requester is looking for.

Be careful to safely distribute data from the beginning, as sending the subject’s information to the wrong person within your organization may be a data breach.

2. Determine the Nature of the Request

Next, you should carefully review the request to establish exactly what the subject wants to know.

Usually, requesters will simply request to see all their personal data you’ve collected. However, they may also request rectification if they think the data is inaccurate and needs correction.

This is a good time to determine whether you’ll be able to respond to the request within one month or not, and request more time from the subject if you estimate that this time frame is not realistic.

3. Review the Subject’s Data

Before sending collected data to the subject, you should carefully review it. Make sure that you didn’t accidentally include anyone else’s data, to avoid committing a data breach.

You can also add explanations for why you are collecting each piece of data, what you are using it for, and how you are storing it.

4. Collect all Data and Formulate the Response

The next step you should take is to gather all of the subject’s data and formulate the response.

Opt for a file type that’s easily accessible and commonly used. The GDPR encourages companies to give subjects direct access to their data whenever possible.

Besides that, there are no strict rules regarding the format of your response. It will mainly depend on the type and volume of data you’re providing. Just make sure that your response is as comprehensive as possible and that it contains all of the information the subject asked for.

5. Remind the Subject about their Rights

Your response should also include a section about the subject’s data privacy rights at the end. Remind the requester that they have the right to request data rectification, submit a complaint to supervising authorities, or even object to collecting and processing of their data altogether.

6. Send the Response to the Subject

Finally, send the finalized response to the subject. Make sure that you’re documenting your communications with the subject in case you need to demonstrate compliance and accountability in an audit trail.

Responding to a data subject access request shouldn’t be too complicated, but it can be a tedious and long process. To help you make sure that you haven’t missed any important information and to make the whole process more streamlined, follow these 6 steps. They will help you respond to data subject access requests quickly and remain compliant without any bumps down the road.

 

THE EVOLVING TECHNOLOGY NEEDS OF THE FINANCE DEPARTMENT

By Jennifer Sims, Senior Consultant at Xledger

 

The world of finance software is evolving quickly, but with many new software contenders entering the market it can be a minefield for organisations. Many finance teams are already using multiple accounting apps and software packages for bookkeeping, payroll and invoicing to service individual needs. Whilst it may work fine for now, this segregated approach isn’t sustainable for long-term growth. The world is swiftly moving to agile, automated ways of working. As a result, there is a growing need to choose suppliers that can fulfil multiple functionalities within the one platform.

Financial software is evolving at such a pace that it can be difficult to keep up. Changing up a finance solution is a big step and ease of migration can be a substantial factor in determining which solution provider to go with. But how do you choose a solution that will grow with your business and still offer something innovative in five or ten years down the line? The fear is always that non-techie organisations will end up falling behind, but in such a highly concentrated industry, how do you decide which solution would work best for you?

 

Cloud-first: the term that makes all the difference 

You could find a ‘cloud-based’ service with an application that comes with automated audit trails to make it easier to meet compliance and record-keeping obligations, for example. But for a solution to offer all of the many future benefits promised by the cloud, it needs to have been built specifically for a cloud environment from the outset – i.e. not an on-premise built system that has been later adapted. Cloud-first services (true cloud) were always intended to leverage economies of scale, cope with live updates, be accessible from anywhere with an internet connection, and to scale rapidly, to name just a few of the many benefits.

When we talk about innovation in financial technology, we’re not just talking about software that makes it easier for the financial controller to create reports. If eliminating reliance on Excel spreadsheets is the only tangible benefit you have to really shout about, you are missing out on the real deal. With ‘true’ cloud finance software the sky is the limit.

Finance and accounting technology needs to directly meet the needs of the finance function and support the wider business needs.  When looking at accounting software platforms you’d be hard pressed to find one that doesn’t now promise ‘cloud-based’ enterprise resource planning (ERP) capabilities. The cloud is nothing new, but it’s the way that a solution harnesses this environment that makes a real difference. And here is where there is a need to read between the lines.

 

Automate more with true cloud 

Historically, repetitive and manual tasks are typical of the finance role – from invoice postings to expense claims handling – these can overwhelm the finance team. Research by Xledger[1] has found that an enormous 91% of CFOs and finance decision makers are carrying out at least one of these repetitive tasks as part of their job. What’s more, senior finance leads are averaging a whopping 25 hours per week carrying out repetitive and manual tasks, compared with 15 hours for other finance decision makers.

A modern, true cloud finance system can enable your business to automate repetitive tasks and provide one source of truth so that teams can make informed business decisions that will help to scale a business. Bank reconciliation, dashboard creation and reporting are just some of the tasks that can be handled automatically. These capabilities are aiding overtasked finance teams and saving hundreds or thousands of hours a year.

Whilst different companies are at different stages in their digital transformation, what is clear is that keeping up with the latest technology is fundamental to the future success of an organisation.

Xledger is a true cloud finance solution. The basics include invoicing, robust general ledger accounting, detailed slice and dice reporting, purchase orders, billing, VAT reporting, and cash and bank payments. It also adds process and structure to the enterprise with procurement and inventory, budgeting and forecasting, and project accounting. Users are always on the latest version of the software and with regulation more stringent than ever today, Xledger is ISO 27001 accredited.

Choosing the right provider for your financial ERP solution comes down to whether it has the fundamentals right. When hosting all of your vital data on the provider’s own servers, it should evidence a highly tested security process that comes with backup services as standard.

As our demand for technology capabilities grows and as ERP models progress, innovation will become the structure for growth – and there is no end to the possibilities.

 

HOW RETURNS ABUSE AFFECTS RETAILERS

By Aaron Begner, EMEA GM at Forter

 

Accompanying the significant growth in ecommerce over the past 12 months is the need for retailers to manage the impact of a growing array of fraud and abuse challenges. One type of fraud that can easily fly under the radar is the abuse of a merchant’s returns policies.

Returns abuse can be difficult to detect and prevent for retailers, as often it is a challenge to identify fraudulent behaviour vs. a ‘usually-good’ consumer trying to bend – but not break – return policies. Therefore, it’s often a challenge to identify how returns abuse actually affects retailers. Here are three of the biggest ways that returns abuse negatively impacts business.

 

Lost Revenue

The most obvious effect that returns abuse has on a business is lost revenue, which can be significant. Research indicates that returns abuse may be costing retailers up to $15 billion per year. When fraudsters purchase items with the intent of abusing returns policies, the retailer makes no profit. Furthermore, it stops legitimate customers from purchasing the items they want, as fraudsters who don’t want the items are moving them around.

Various types of returns abuse can profoundly damage retailers’ bottom lines. Some tactics, such as shoplisting, where fraudsters try to obtain a refund for a list of products listed on a perfectly valid receipt, yet that they never purchased to begin with, can significantly impact retailers’ bottom line.

 

Increased Operational Costs

Returns abuse doesn’t only affect revenue pertaining to the products themselves. There are also operational costs to consider. An increase in returns abuse will often lead to more consideration being put into checking every return for signs of abuse taking place. This can range from missing tags to damage or wear on the product. This process can be time-consuming, meaning more resources might be necessary to continue operating in an efficient manner. Handling and warehousing costs can also begin to increase, with returned items becoming significantly less valuable.

 

A Poor Customer Experience

As returns abuse continues to increase, many retailers will feel pressure to tighten their return policies. This could range from reducing the allotted time for eligible returns, to only issuing store credit instead of cashback. In some cases, more extreme measures such as requiring a restocking fee for more expensive merchandise will be taken.

While these are all effective ways to help diminish the effect of returns abuse on retailers, they can also have an adverse effect on a retailer’s customer experience. If loyal customers have become accustomed to a more flexible and forgiving return policy, they could be taken by surprise when it’s more difficult for them to return their items.

Ultimately, it can be tricky to balance the two. Returns abuse negatively affects retailer revenue and the overall business, but so does a poor customer experience.

 

The Negative Impact of Returns Abuse Cannot Be Understated

Returns abuse is often overlooked. It can be difficult to detect, but significantly impacts revenue and operations. Because stricter return policies may restrict loyal customers, the reputation of a retailer’s business can be affected. Poor customer experiences can lead to bad reviews and a loss of current and potential customers. Because of this, returns abuse prevention should be a top priority for all retailers.

With this information in hand, retailers can get a better understanding of how returns abuse affects their business and why they need to put a prevention plan in place, as soon as possible.

 
