
Business

A 6-STEP-GUIDE TO RESPONDING TO DATA SUBJECT ACCESS REQUESTS


With GDPR, organizations had to change the way they collect and process customer data. Customers gained a variety of new rights regarding their personal information and one of those rights is the right to access.

This means that companies had to become much more transparent when it comes to data handling and customers became entitled to know exactly what personal information companies have on them and how they use that information.

To get this information, they need to submit a data subject access request.

Let’s see what every company should know about data subject access requests and how to respond to them in order to stay compliant with data privacy regulations.

 

What is a Data Subject Access Request?

A Data Subject Access Request (DSAR) can be submitted by anyone who wants to know which personal data you have on them and you’re obligated to provide them with a copy of that data.

These requests usually ask for a complete list of all personal data you have on the subject, but sometimes the subject will request only specific information. Either way, you are required to provide all the information they ask for.

Here’s a list of requests you might encounter from subjects:

  • Information whether you collect and process their personal data;
  • Legal basis for collecting and processing their data;
  • Information about the source of data and how it was acquired;
  • Information about how long you’ll store their data;
  • The names of any third parties you share their information with;
  • Request to gain access to their personal data;

Subjects need no particular reason to submit a DSAR. They can request to access their data at any point. You can only ask them questions that help you verify their identity and help them locate the requested data.

You should respond to these requests as soon as possible and without any delays. Generally, you should be able to respond within one month, but if their request is too complex or you have too many of them at the same time, you may get a deadline extension. You will however still have to provide information about the delay within the first month.

 

The Challenges of Responding to a DSAR

Most companies have experienced massive growth in data collection over the last decade. However, not every organization pays close attention to data management. Without centralized and well-organized data storage, it can be challenging to gather all data on the requester, especially on a tight deadline.

Customer data is everywhere from your CRM software to your email servers. It can be challenging to find all the subject’s information if it’s scattered around.

Moreover, personal data needs to be protected from tampering and kept in secure storage in order to avoid data breaches and malicious (or even accidental) attempts at making changes to sensitive information.

To overcome these challenges, you should rely on tools that will help you store your data safely and easily access it whenever possible.

For instance, a single email can contain tons of personal information that may be part of a DSAR. However, most companies don’t keep emails in their inboxes but instead opt for email archiving solutions that help them keep sensitive data secure, tamper-proof, and readily searchable.

These solutions will help you remain compliant not only by making responding to data subject access requests easy and efficient but also by creating custom email retention policies and limiting access to certain data.

Make sure that you have the right tools before you receive DSARs as they will allow you to greet them prepared and respond in a timely manner without any issues.

 

Responding to a DSAR: a step-by-step guide

When it comes to handling a DSAR, there is no strict, formal process in place. However, there are some steps you can follow that will help you respond to a DSAR seamlessly.

1. Verify the Subject’s Identity

First, you should verify the identity of the person who submitted the request. This is a necessary step in order to determine whether you even have the information the requester is looking for.

Be careful to safely distribute data from the beginning, as sending the subject’s information to the wrong person within your organization may be a data breach.

2. Determine the Nature of the Request

Next, you should carefully review the request to establish exactly what the subject wants to know.

Usually, requesters will simply request to see all their personal data you’ve collected. However, they may also request rectification if they think the data is inaccurate and needs correction.

This is a good time to determine whether you’ll be able to respond to the request within one month or not, and request more time from the subject if you estimate that this time frame is not realistic.

3. Review the Subject’s Data

Before sending collected data to the subject, you should carefully review it. Make sure that you didn’t accidentally include anyone else’s data, to avoid committing a data breach.

You can also add explanations for why you are collecting each piece of data, what you are using it for, and how you are storing it.

4. Collect all Data and Formulate the Response

The next step you should take is to gather all of the subject’s data and formulate the response.

Opt for a file type that’s easily accessible and commonly used. The GDPR encourages companies to give subjects direct access to their data whenever possible.

Besides that, there are no strict rules regarding the format of your response. It will mainly depend on the type and volume of data you’re providing. Just make sure that your response is as comprehensive as possible and that it contains all of the information the subject asked for.

5. Remind the Subject about their Rights

Your response should also include a section about the subject’s data privacy rights at the end. Remind the requester that they have the right to request data rectification, submit a complaint to supervising authorities, or even object to collecting and processing of their data altogether.

6. Send the Response to the Subject

Finally, send the finalized response to the subject. Make sure that you’re documenting your communications with the subject in case you need to demonstrate compliance and accountability in an audit trail.

Responding to a data subject access request shouldn’t be too complicated, but it can be a tedious and long process. To help you make sure that you haven’t missed any important information and to make the whole process more streamlined, follow these 6 steps. They will help you respond to data subject access requests quickly and remain compliant without any bumps down the road.

 


HOW TO CREATE A PROFORMA INCOME STATEMENT FOR YOUR STARTUP?


There are two reasons why you are on this page right now. First, you are just starting with your business, and you want to learn about pro forma. Second, you are not sure if you are making your business proforma income statement correctly.

Before we discuss the process of creating a proforma income statement for your business, let’s start with the definition of proforma.

 

Pro forma: What is it and why do I need one

Pro forma is the process of calculating financial results with the use of presumptions or projections. It is a Latin term that means “for the sake of the form” or “as a matter of form.” Businesses used this to describe a document needed to conform to a specific doctrine or norm.

A pro forma income statement is a component of the financial projections of any business. It should be included in the financials of a business plan. This income statement is just like a historical income statement. The only difference is that it projects the future instead of the past. It will help you make some operational changes right away if the projections predict a decrease in profitability.

Now that you know what a proforma is, the next part is about creating a proforma income statement for your startup business.

 

Uses of Proforma Income Statement

A pro forma income statement has several uses, some of which are as follows:

Planning and Control

The income statement is used in estimating incoming budgets and sales. It serves as a planning tool to set standards for future operations and business activities. The financial information is used to control and monitor performance against the set standards. This is achieved through the use of various tools like variance analysis and ratio analysis.

Reporting

Some businesses are required by the legislation to prepare a pro forma financial statement as part of their financial report.

Financial Modeling

It is also used in creating a summary of the expenses and income of your business. The financial models can help you make decisions, and they are based on the assumptions made by the company.

 

Steps on How to Create a Proforma Income Statement

Below are the steps in preparing the proforma income statement:

 

Step #1 Calculate Business Revenue Projections

When creating a proforma income statement, you should use realistic market assumptions. You can do some research or talk to the experts to determine the expected yearly revenue, asset accumulation, and cash flow.

Here are steps on how you calculate revenue projections of your business:

a.   Estimate How Much to Sell

Determine how much of your product you are going to sell within a specific period. Also, you should have a better understanding of the market.

b.   Calculate the Projected Income

To calculate your projected income, multiply your total estimated sales by the amount you charge for every item you sell. After estimating how much you will sell, determine the cost of each product.

c.    Calculate the Projected Expenses

Next, calculate the projected expenses of the company. It is a must to figure out how much the company is spending in producing your products or services.

d.   Subtract projected expenses from projected income

The final step in calculating business revenue projections is subtracting your projected expenses from your projected income.

Step #2 Estimate Liabilities and Costs

Liabilities are the lines of credit and loans of the company. On the other hand, the costs are your lease, insurance, materials, licenses, employee pay, permits, etc. In creating the first part of your company pro forma, you will use the business revenue projections calculated from step one and the estimated costs and liabilities.

This step is your chance to evaluate if all your expenses are necessary and what you can do to reduce them.

 

Step #3 Estimate Cash Flows

Cash flow is calculated by making some adjustments to your net income by subtracting or adding differences in expenses, credit transactions, and revenue, leading from transactions that happened from one period to the next.

These adjustments are carried out due to non-cash items calculated in the income statement and total assets and liabilities. Since some transactions do not involve cash items, some are re-evaluated when computing the cash flow from operations.

Cash flow is calculated using these two methods:

Direct Cash Flow Method

The direct method adds the receipts and the different cash payments, including cash paid to suppliers, cash paid as salary, and cash receipts from customers. These numbers are computed using the starting and ending balances of the different business accounts and assessing the net increase or decrease in your account.

Indirect Cash Flow Method

With the indirect cash flow method, the operating activities are computed by taking the net income from the company’s income statement. Because it is set on an accrual basis, revenue is recognized when it is earned, not when it is received.

This part of the proforma statement will project the company’s future net income, dividends, sale of assets, issuance of stocks, etc. The estimation of cash flow is considered as the second part of your pro forma financial statement.

 

Step #4 Creation of Chart of Accounts

The chart of accounts will complete your proforma income statement and includes data collected for a three to five-year period. The first year is detailed and broken into monthly increments. The following years are split by quarter, and the fourth and fifth years are broken down yearly.

 

Final Thoughts

Some business owners are surprised at how good a pro forma income statement is to their startup operations. But, if done correctly, you can consider it a strategic planning tool to direct your company in the right direction.

Follow the steps in this guide to make sure you get the correct estimations and numbers in completing a proforma income statement. Others think that the income statement will not benefit new businesses. But for others, it is a good start in foreseeing the future of the company. If you want to share your thoughts about the topic, or have questions, feel free to comment below.

 



WAYS TO KEEP YOUR HYBRID WORKPLACE SECURE FROM THE IRREVERSIBLE DAMAGE OF A CYBER ATTACK


By Alex Bransome, CISO at Doherty Associates, specialists in managing and securing cloud services in the finance sector.

 

A recent in-depth study into 3000 UK firms and 2000 employees commissioned by our team at Doherty Associates found that 42% of the financial and legal firms questioned, including those in private equity, investment and asset management, said their firm was inadequately protected against the cyber risks of hybrid working.

At the same time, one in five of the firms admitted that a major cyber attack could significantly cost their business at least £10 million or more in irreversible damage such as through loss of sensitive information, corporate and confidential data, due to a GDPR breach or fine, and long-term reputational damage to the firm.

Yet hybrid working is here to stay for over half of the firms we spoke to, despite being more vulnerable than ever to a cyber breach. A recent BBC poll on 50 of the biggest employers in Britain, including investment firms JP Morgan, Rathbones and investment bank VSA Capital, said they had no immediate plans to bring staff back to the office full-time.

And you can see why flexible working is the preferred choice for both firm and employee, as over a third of the finance and legal professionals we spoke to said that they found it easier to win new business and close deals when working from home.

However, a more flexible, hybrid scenario is creating increasingly complex cyber security challenges as employees move between different set-ups, in different places, using different devices.

 

More than one front door

With employees working outside of the office, using a blend of personal and company devices, finance firms no longer have a single ‘front door’ to protect but a multitude of entry points to secure against cyber criminals.

While it remains the case that most information leaks out by accident, the chances of this happening increase with more employees working from home, as the ‘attack surface area’ extends out to every device being used, no matter who owns it. At the same time, cyber criminals are finding ever more sophisticated ways to target remote employees, with finance an increasingly attractive target due to the high value of transactions. What’s more, it seems a high number of employees working remotely are experiencing cyber or data breaches unknown to the firm.

 

It’s the unknown you need to worry about

52% of the finance and legal firms we interviewed said their organisation has yet to experience a cyber attack or data breach since transitioning to remote working following the first UK Covid-19 lockdown back in March 2020. Yet a quarter of employees said they had been the victim of a data breach or caused one themselves since working remotely, one in seven had experienced a phishing attack or similar, and 42% admitted to emailing confidential client information or unencrypted attachments.

The difference between how many firms are detecting breaches compared to the reality of them occurring suggests that employees are not reporting all of the mistakes they make. It also shows that firms are still in need of a well-rounded cyber security programme that incorporates protective, detective and responsive solutions, if they are to keep their information, people and workforce safe.

It’s not the tip of the iceberg you need to worry about. It’s the bit you can’t see underneath. Underestimating the risks and vulnerabilities that come with home and hybrid working could prove costly.

 

Reinforce your moats to protect your castles

Many firms appreciate that a single ‘castle and moat’ perimeter defence approach – where employees are protected within the boundaries of the office firewall – is no longer fit for purpose in a hybrid workplace. However, some are struggling to keep up with the fast-moving challenges that blended working brings. There are steps your firm can put in place to safeguard its ‘borderless’ network.

  • Improve your cyber hygiene and widen your security perimeter to protect those working outside the office

Cloud-based technologies such as Data Loss Prevention and Information Protection can help protect against data leakage. Ensure that all internet-facing systems have multi-factor authentication, so employees keep their identity secure while working remotely, and restrict the use of personal devices.

Use software that ringfences and encrypts all the corporate data on mobile or ‘bring your own’ devices, as this means the corporate data can be wiped if the device is lost or stolen without affecting any personal data – such as family photos – if the device is then found or recovered. Also, using disk encryption to protect all data on company devices such as laptops will mitigate the risk of it being lost or compromised if the device is stolen.

It is also advisable to ensure that no company information is shared via personal cloud storage platforms, where documents can easily be forgotten and just as easily hacked.

  • Conduct a cyber risk assessment at least every six months to improve your security posture

This will identify and address any critical vulnerabilities, gaps or compliance issues. An assessment should involve identifying your most important/critical assets; identifying any weaknesses/vulnerabilities in those assets, or in how they are used or accessed; assessing the likelihood of a risk materialising; and finally identifying controls to help address the identified risks, to reduce risk to an acceptable level.

  • Carry out regular cyber awareness training

Over a third of the financial professionals in our poll say they’ve had no cyber training since working from home from the start of the pandemic despite the fact that they are now using different software and platforms to collaborate as well as a mix of personal and work devices.

Building in regular comprehensive cyber security awareness training for every employee is critical to safeguarding against any vulnerabilities, weak spots or compliance breaches.

Most importantly, it should clearly convey your organisation’s approved methods of working, communicating and sharing data. Beyond this, user awareness should cover end user security best practices and how to spot common attacks such as phishing, plus phishing assessments to actively test and measure awareness levels across the organisation.

Empowering employees with the knowledge to identify threats in real-time can become a firm’s greatest security asset so making cyber security training a ‘must’ and not just a nice-to-have is critical in this new era of hybrid working.

Your firm is only as safe as your weakest link but cyber savvy employees, robust cyber security measures, and a strong cyber defence system will keep both firm and workforce safe and secure no matter where they are.

 
