
A 6-STEP-GUIDE TO RESPONDING TO DATA SUBJECT ACCESS REQUESTS


With GDPR, organizations had to change the way they collect and process customer data. Customers gained a variety of new rights regarding their personal information and one of those rights is the right to access.

This means that companies had to become much more transparent when it comes to data handling and customers became entitled to know exactly what personal information companies have on them and how they use that information.

To get this information, they need to submit a data subject access request.

Let’s see what every company should know about data subject access requests and how to respond to them in order to stay compliant with data privacy regulations.

 

What is a Data Subject Access Request?

A Data Subject Access Request (DSAR) can be submitted by anyone who wants to know which personal data you have on them and you’re obligated to provide them with a copy of that data.

These requests usually ask for a complete list of all personal data you have on the subject, but sometimes the subject will request only specific information. Either way, you are required to provide all the information they ask for.

Here’s a list of requests you might encounter from subjects:

  • Information on whether you collect and process their personal data;
  • Legal basis for collecting and processing their data;
  • Information about the source of data and how it was acquired;
  • Information about how long you’ll store their data;
  • The names of any third parties you share their information with;
  • Request to gain access to their personal data.

Subjects need no particular reason to submit a DSAR. They can request to access their data at any point. You can only ask them questions that help you verify their identity and help them locate the requested data.

You should respond to these requests as soon as possible and without any delays. Generally, you should be able to respond within one month, but if their request is too complex or you have too many of them at the same time, you may get a deadline extension. You will however still have to provide information about the delay within the first month.

 

The Challenges of Responding to a DSAR

Most companies have experienced massive growth in data collection over the last decade. However, not every organization pays close attention to data management. Without centralized and well-organized data storage, it can be challenging to gather all data on the requester, especially on a tight deadline.

Customer data is everywhere from your CRM software to your email servers. It can be challenging to find all the subject’s information if it’s scattered around.

Moreover, personal data needs to be protected from tampering and kept in secure storage in order to avoid data breaches and malicious (or even accidental) attempts at making changes to sensitive information.

To overcome these challenges, you should rely on tools that will help you store your data safely and easily access it whenever possible.

For instance, a single email can contain tons of personal information that may be part of a DSAR. However, most companies don’t keep emails in their inboxes but instead opt for email archiving solutions that help them keep sensitive data secure, tamper-proof, and readily searchable.

These solutions will help you remain compliant not only by making responding to data subject access requests easy and efficient but also by creating custom email retention policies and limiting access to certain data.

Make sure that you have the right tools before you receive DSARs as they will allow you to greet them prepared and respond in a timely manner without any issues.

 

Responding to a DSAR: a step-by-step guide

When it comes to handling a DSAR, there is no strict, formal process in place. However, there are some steps you can follow to help you respond to a DSAR seamlessly.

1. Verify the Subject’s Identity

First, you should verify the identity of the person who submitted the request. This is a necessary step in order to determine whether you even have the information the requester is looking for.

Be careful to safely distribute data from the beginning, as sending the subject’s information to the wrong person within your organization may be a data breach.

2. Determine the Nature of the Request

Next, you should carefully review the request to establish exactly what the subject wants to know.

Usually, requesters will simply request to see all their personal data you’ve collected. However, they may also request rectification if they think the data is inaccurate and needs correction.

This is a good time to determine whether you’ll be able to respond to the request within one month or not, and request more time from the subject if you estimate that this time frame is not realistic.

3. Review the Subject’s Data

Before sending collected data to the subject, you should carefully review it. Make sure that you didn’t accidentally include anyone else’s data, to avoid committing a data breach.

You can also add explanations for why you are collecting each piece of data, what you are using it for, and how you are storing it.

4. Collect all Data and Formulate the Response

The next step you should take is to gather all of the subject’s data and formulate the response.

Opt for a file type that’s easily accessible and commonly used. The GDPR encourages companies to give subjects direct access to their data whenever possible.

Besides that, there are no strict rules regarding the format of your response. It will mainly depend on the type and volume of data you’re providing. Just make sure that your response is as comprehensive as possible and that it contains all of the information the subject asked for.

5. Remind the Subject about their Rights

Your response should also include a section about the subject’s data privacy rights at the end. Remind the requester that they have the right to request data rectification, submit a complaint to supervising authorities, or even object to the collection and processing of their data altogether.

6. Send the Response to the Subject

Finally, send the finalized response to the subject. Make sure that you’re documenting your communications with the subject so that you have an audit trail in case you need to demonstrate compliance and accountability.

Responding to a data subject access request shouldn’t be too complicated, but it can be a tedious and long process. To help you make sure that you haven’t missed any important information and to make the whole process more streamlined, follow these 6 steps. They will help you respond to data subject access requests quickly and remain compliant without any bumps down the road.

 


Ransomware chokes COBRA: How AI-powered data analysis can support financial services’ plight


By Toby Butler, Financial Crime Solutions Manager at Ripjar

 

Ransomware attacks are on the increase in the United Kingdom. Most of the British Government’s COBRA meetings have been convened in response to ransomware attacks, showing how cybersecurity breaches are as pressing as national emergencies and crises. The National Cyber Security Centre’s (NCSC) annual review found this year that the country was hit by 17 ransomware incidents that were so impactful they “require a nationally coordinated response”. That extends to the financial services sector, which saw an increase of ransomware attacks with 55% of organisations hit in 2021.

Where does this leave the sector and how can artificial intelligence and machine learning be instrumental in understanding the risks companies face against future ransomware attacks?


Company information is being stolen and sold to different threat groups, who prey on the individuals in that organisation who are more likely to pay them. The UK is one of the most cyber-attacked countries in the world and the Government has been criticised for being “ill-equipped” to deal with this exponential rise of fraud cases.

 

Ransomware-as-a-Service

Ransomware is one of the most common forms of cybercrime. Fighting it has become one of the biggest problems that organisations today face during their everyday operations. For instance, malware (malicious software) encrypts the files of a single computer, then works its way through an entire network to reach the server and inflict maximum damage. Company information is being stolen and sold to different threat groups, who prey on the individuals in that organisation who are more likely to pay them.

When these attacks occur, the victims, more often businesses, are left with minimal options. If they have substantial backup solutions already in place, they can attempt to restore the encrypted data to their servers. But if that data isn’t already secured elsewhere, they may need to pay a ransom to the criminals behind the attack, thereby allowing the business to function once again and restoring their reputation. The cost of paying the ransom will feel considerably smaller compared to starting a business again from scratch. Sophos’ State of Ransomware in Financial Services 2022 report found that 52% of financial services organisations paid the ransom to restore their data; the average remediation cost in financial services was US$1.59M.

Cybersecurity Ventures estimates that ransomware is set to cost global businesses more than $256 billion by the end of 2031. By that token, organisations need to be extremely mindful of the potential threats they may face. Businesses need to understand the methodologies these hackers use, to address the weaknesses within their domain and take measures to isolate and prevent further ransomware attacks from happening again.

 

The rise of WAMs

According to a recent report by security firm CyberSixgill, 19% of the 3,612 cyberattacks that took place in 2021 were traced back to Wholesale Access Markets – or WAMs for short. WAMs are, in essence, underground internet flea markets. These markets are where aspiring attackers come to purchase network access from threat actors – the individual or entity involved in carrying out the cyber-attack. Types of threat actors include insiders, cybercriminals, rival organisations, or even nation states stealing data.

WAMs sell access to multiple compromised endpoints (or pathways) for around 10-20 dollars. Researchers found that WAMs listed access to approximately 4.3 million compromised endpoints in 2021, which include access to both provider and enterprise software (for example, an organisation’s Slack channel) up to 180 days before the attack itself took place. This shows how long these compromised endpoints remain undetected without proper internal analysis.

 

How can Financial Services stay ahead of the curve?

The use of Artificial Intelligence (AI) and machine learning is undisputed across modern businesses and sectors, and continues to revolutionise processes across the board. AI is a significant player in the financial services industry, building the ‘cyber-wall’ against nefarious users. It gives organisations optimal insights into reducing the likelihood of a ransomware attack in the future.

Namely, AI and machine learning collect and analyse vast amounts of messy (structured and unstructured) data from disparate sources. The challenge for the sector is to understand the volume and variety of the raw data collected from any source to build better protection in the future.

Structured information could be best understood as the clear data we see in a table. For example, the following attendees made a business meeting: first name – Joan, surname – Smith, age – 46. But unstructured information is information presented in a complex manner. For example, ‘there were five people who attended the business meeting, one of whom was forty-six and called Joan Smith’. Naturally, due to the complex nature of the prose, it would be more difficult for a machine to process that data into a digestible format for further risk analysis. This is where AI continues to prove invaluable.

AI uses natural language processing to understand the information provided on the web. As the software continues to evolve, natural language processing reads the information in a way a human would to extract the key information from the text. By incorporating AI and machine learning within an organisation’s IT infrastructure, companies operating within financial services can be better equipped to handle cybercrime.

These tools are flexible and adaptable; they can be configured to analyse different types of data from different sources to curate key insights. This collated information provides a better analysis of the organisation’s exposure, allowing them the opportunity to get upstream in preventing future attacks. This kind of approach is essential to processing listings on WAMs.

The power to analyse data to identify weakness is vital in the battle against cybercrime. It gives organisations a better understanding of what they could expect to see in the future. With the correct data and the analytical skills, financial organisations can gain a better understanding of the methodologies attackers use and the in-house weaknesses they exploit to hold them to ransom. Organisations can then use this as a reference to pinpoint compromised endpoints, giving them a chance to reduce access before this route can be exploited and ruin their business.

With cybercrime and ransomware continuing to remain prevalent, it’s vital that financial services companies understand how they can get ahead of the curve and build a robust security platform within their IT infrastructure that can withstand an attack. In 2022, a ransomware attack occurred every 40 seconds. The mindset for the sector needs to be one of when, not if.

Organisations need to be thinking about an attack now, before it has happened, by pre-planning and preparing for the worst possible outcome from future threats and adversaries. The introduction of AI and machine learning in the fight against cybercrime is a must, and the sooner the industry gets behind implementing AI, the safer it will be through the next decade.

 

 


SVEA BANK ACQUIRES AREX’S FINTECH OPERATION IN FINLAND


AREX Markets, the data-driven FinTech company that drives financing costs down for SMEs and enables them to get paid quicker, has announced the sale of its Finland operations to Swedish payment and financing institution Svea Bank.

With the deal, Svea will further strengthen its position as a corporate financier, as AREX’s c.1200 Finnish customers and partnerships in the areas of financial management and financial management software will be transferred to the bank’s portfolio. The Finnish operation of AREX has financed over EUR 500M worth of invoices.

AREX’s Spanish and UK operations remain unaffected and remain focused on building embeddable financing products for third party platforms. Customers in Finland have been informed of their transition, and their contracts and service details will port across to Svea.

Svea is reshaping the playing field of corporate finance in Finland, and taking on the operations of AREX in the region is a natural step to strengthen their own business and at the same time offer AREX’s partners and customers an easy path to a wider range of services than before.

“Over the years, Svea has grown a lot also through business transactions, therefore acquiring AREX’s business operations in Finland was a good and natural solution for us. In addition, the deal is pleasant for us at Svea because the focus of our activities is to help partners and customers succeed – offering AREX’s partners and customers a wider range of services is exactly that,” says Pasi Väre, country manager of Svea in Finland.

The deal also brings new opportunities for AREX to focus on the UK and Europe in its roll out of embeddable financing products, which can be white-labelled by neobanks, ERPs and accounting software alike. The business is seeking to bridge the liquidity gap faced by most small businesses in the face of a recessive economic climate.

UK SMEs can continue to access AREX’s core invoice financing product through the Xero marketplace.

“For us at AREX, this is a great step: we are developing a stronger presence in the field of embedded finance, which is underpinned by our sophisticated marketplace software, our strongest point,” says AREX’s CEO, Airto Vienola.

“For the AREX team it was extremely important that we find the best possible corporate financier to take care of the business’ customers and partnerships in Finland. Svea convinced us with their customer and partner-centric approach”, adds AREX’s co-founder Perttu Jalkanen.
