Handling Subject Access Requests - Plan, Prepare, Process
Published on: 23rd December 2018
By PYXI GDPR Team
There are three simple steps you can take to make sure you are ready to manage a Subject Access Request sent in to your business. You might have received one already, or you may be worried that you're unprepared should one arise. Using our software, PYXI for GDPR, it's easy to get your business in shape so you can manage Subject Access Requests with confidence and speed.
The Three-P's built into the software help you to Plan for managing the Requests in advance. It helps you to understand what might be in scope when a Request arrives. It helps you to understand what data is stored where, and what kinds of data are being stored. You end up with a clear picture of all the parts of your business that will need to be ready to manage a Subject Access Request.
PYXI for GDPR helps you to Prepare your business by recording whose data you are storing, and recording where it can be found. This means that when the SAR arrives you'll be able to identify where to look for the information that has been requested quickly and easily. PYXI will help you identify where data is stored and who has ownership or control of the information, even if they are external to your organisation; e.g. a cloud database provider, online email service, etc.
At the heart of PYXI for GDPR is our SAR Process Manager, which RECORDS the Subject Access Request, helps you to PROCESS your response from beginning to end, and GUIDES you at each step along the way. It starts with documenting the request, takes you through validation and discovery, and ends with the final recording of the resulting actions. At each step PYXI guides you to the appropriate action, and allows you to keep track of what you've done and what needs doing.
By building in the Three-P's into your business to deal with Subject Access Requests, you'll be able to respond more quickly, have greater confidence in your response, and have clear records of your actions in case they are needed for further investigation in the future; saving you time, money and worry.
PYXI GDPR Team: 23rd Dec 2018 09:04:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
ICO Q2 Data Security Incident Trends
The ICO's figures for Q2 show that the most frequently reported data security incident relates to disclosure of data. The ICO's website has published information about Q2 2018-19's data security incidents by type and sector, and the single mo... click to read more