A time-tested answer to a new question
[Editor’s Note: EDRM is proud to share our partners’ sponsored posts.]
Under the GDPR, individuals have the right to understand what personal data an organization holds about them, ensure the information is accurate, and request the amendment, deletion or transfer of their personal information. Individuals can make this request by submitting a Subject Access Request, including Data Subject Access Requests (DSARs), which requires that organizations find, review, redact and produce relevant documents within a thirty-day timeframe. This is leaving many organizations struggling to comply efficiently and cost-effectively.
The problem isn’t insignificant. Many corporations within the EU have reported that the volume of DSAR requests has more than doubled since the GDPR came into effect, taxing existing resources. But there’s a time-tested solution to this new challenge. According to IDC, “data subject access requests…follow identical workflows to that of litigation response. The right eDiscovery provider will be able to quickly and effectively respond to data subject access requests and protect the organization from related compliance violation.” (1)
Here are four steps to leveraging eDiscovery software for DSAR reviews.
Find the relevant data expeditiously
Once data sources have been identified and data is collected from those systems, potentially large document collections need to be filtered to the relevant (or targeted) set for review and analysis. Advanced eDiscovery review and investigations platforms offer stackable filters (preconfigured lists of the most common search terms) to accelerate the review, while predictive filters increase automation by learning from successful queries what the most effective terms will be to find the relevant personal data in future searches.
Redact sensitive data
It’s critical to prevent the inadvertent disclosure of personal and sensitive information by redacting that information (and potentially other people’s information in the documents) prior to delivering it to the requestor. Many eDiscovery platforms have automated data detection capabilities that find virtually any common identifiable pattern, such as credit card numbers and email addresses. This eliminates the manual review of every document. Built-in redaction tools can also support custom redaction targets, and transparent ‘in-view’ highlights can accentuate the sensitive data for easy review.
The most advanced eDiscovery solutions also include AI and analytics tools, such as sentiment analysis and people and places auto-detection, to find the names of other people that are entwined with the requestor’s information. These tools automate the redaction of third-party names from the relevant documents, which matters because fulfilling the requestor’s privacy rights must not infringe on someone else’s privacy.
Heads up review to efficiently clear requests
Through ‘heads up’ review, reviewers are able to rapidly assess the relevant information without setting eyes on each and every document. Heads up review exhibits all of the data and their associated files in a highly visualized display so reviewers can clear the requests sequentially much faster. Accuracy and confidence are also substantially enhanced, as all the relevant information is aggregated in a highly accessible fashion and key privacy terminology is highlighted to reduce the risk of missing or overlooking data.
Complete the response and produce the data
Once the relevant data is identified, reviewed and redacted, corporations must complete their legal obligation by providing a report to the requestor. eDiscovery platforms include production workflows and associated rules to easily configure the production of either single documents or families of documents related to the individual. Operators simply select the responsive and validated results set and add it to a production workflow, where the export production wizard delivers the output imaged and redacted, ready to be shared with the requestor.
Whether searching for relevant data, redacting sensitive data, performing a review or producing the data for the requestor, eDiscovery technology introduces automation and efficiency across the DSAR workflow. eDiscovery technology inherently maps to DSAR workflows and can be tuned quite simply to radically minimize the cost and resource drain of your DSAR program.
(1) IDC, “Worldwide eDiscovery Software Forecast, 2019–2023”, doc #US45344219, July 2019