Securiti announces a $75M Series C Funding Round
ViewBlogs
Published on August 19, 2021 AUTHOR - Nigel Hawthorn, EMEA Privacy Team
When you respond to data subject access requests, as per Article 15 of the GDPR, you no doubt review databases of information- so called “Structured Data” - on your systems and in the cloud, compile all the personal data you have on the data subject (probably a customer record) and send it to the requestor along with additional information about processing activities being carried on the data.
But a recent ruling by the German Federal Court of Justice (Bundersgerichtshof) has potentially extended that to include all information known about the data subject, including any previous correspondence, internal communications and notes.
This ruling makes clear that data collected and shared via internal processes is covered under the right to access as per Article 15 of the GDPR, potentially expanding the breadth of information many people thought was covered in a data subject access request.
To help operationalize this, imagine a customer serially calls your customer support team for help. The customer is identified in every instance and the call is recorded for quality assurance purposes by your organization. If that customer is protected under the GDPR and makes an access request under Article 15 - it won’t be enough to just provide him access to his file, you also need to attach all those recorded calls!
This ruling also states that internal communications about the data subject should be released as part of a DSAR, we have to think whether it would be embarrassing, or worse, if all internal communications were released. In that regard, we make two recommendations that flow from this ruling:
It is also important to note that the ruling did recognize that any documentation or internal communication which contains legal analysis can be excluded from an access request as it does not constitute personal data since it is information about the assessment and application of the law to the data subject’s situation. A summary of the personal data information which was considered for the legal analysis can be provided but the analysis and the results of the analysis are exempt.
Security can help you enable swift and accurate DSR fulfillment from our sensitive data intelligence models.
We can give you data discovery across more than 200 apps to find data assets, and discover personal data in structured and unstructured data systems, across on-premises and multi-cloud and automatically discover and build a relationship map between personal data and its owner.
Discover granular insights into all aspects of your privacy and security functions while reducing security risks and lowering the overall costs
January 31, 2023
As they say, “data is the new oil” - driving business value in many organizations, providing valuable insights and enabling innovation. Consequently the sheer volume of data being amassed in various data systems, such as cloud data lakes...
January 23, 2023
Organizations that make defense-related equipment and services can leverage the power of the cloud, big data analytics, and artificial intelligence to help the United States (US) military stay ahead in modern warfare. But ensuring the safety of sensitive...
January 22, 2023
The legal turmoil regarding cross-border data transfers from Europe to the US under the GDPR has had many twists and turns. Initially, the US and the EU entered into the Safe Harbor Agreement, 2000, which regulated cross-Atlantic data...
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
[email protected]
3031 Tisch Way Suite 110 Plaza West, San Jose,
CA 95128