Data Subject Communication
GDPR gives data subjects the right to
Everyone has the right to ask IF you have stored their data. Not answering within a month gives the data subject the right to claim damages. They can also file complaints with the GDPR authority.
The challenge here is that EVERYONE has the right to ask IF you have their personal data. You may (and probably will) get a LOT of GDPR requests from data subjects where you do not have any data at all.
As mentioned above, not giving correct answers can easily trigger damage claims and expensive lawsuits.
This is a toxic risk for most companies.
Handling these claims and answering each of these requests by hand is a huge amount of manual labor. You actually have to check all potential data sources, from email store to mailing list, phone protocol, ERP system, ..., to give a proper answer.
Integrating all potential personal data in one place to be able to answer these requests may sound compelling but can violate the GDPR principle of data minimisation. It also creates a complete profile of each data subject, and for that you would need a DPO just for this profiling. And this data silo is another single point of failure for data breaches. That's why, in most cases, the answer to this problem is not just creating a complete central data subject repository.
Our solution for data subject interaction aims to give you:
- Online access to the general information about your data processing
- An online tool to check IF data about a data subject is stored
- Automatic data subject identification
- Optional automatic personal data delivery
- Optional automatic data correction and deletion requests
At the same time, you get the following benefits:
- NO effort for your company in handling requests asking IF data is stored
- NO personal data is duplicated (no additional risk for data breaches)
- NO critical data subject profile is created
- NO requester needs to access your network directly (keeping your network safe)
The most critical piece is to protect your company from floods of GDPR requests by people who are not even stored in your databases.
If requests from actual data subjects create a large workload, we can automate the actual personal data delivery, rectification and deletion.
To achieve this, we invented a technology in cooperation with the Vienna University of Technology to collect anonymous information about data subjects from all your data sources and to store this information (a hash code and what type of info you have) on a cloud system. This system verifies data subjects' identities by email or phone (more methods to follow) and gives them feedback on whether their data is stored.
If this system is hacked or a data breach occurs, the data found there is worthless. There are only hash codes of email addresses and phone numbers that cannot be turned back into the original addresses and numbers. This makes the whole system easy to use and safe. In the Enterprise Edition, 100% of the system can be adapted to match your company's individual needs.
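One way to build the hash index described above, as an added example that is not the vendor's code: identifiers are normalized and then pseudonymized with a keyed hash (HMAC-SHA-256), an assumption made here because email addresses and phone numbers are guessable enough that plain digests can be matched by enumeration. The key, source names, sample records and default country code are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption); a real deployment loads it from a secret store.
INDEX_KEY = b"constructed-demo-key-not-for-production"

def normalize(kind, raw, default_cc="43"):
    """Canonical form so every data source yields the same token for one person."""
    if kind == "email":
        return raw.strip().lower()
    digits = re.sub(r"\D", "", raw)          # phone: keep digits only
    if raw.strip().startswith("+"):
        return digits                        # already international
    if digits.startswith("00"):
        return digits[2:]                    # 00 prefix -> international
    if digits.startswith("0"):
        return default_cc + digits[1:]       # national format, assumed country
    return digits                            # assumed to carry a country code

def token(kind, raw, key=INDEX_KEY):
    """Keyed pseudonym; the kind prefix keeps email and phone tokens apart."""
    msg = kind.encode() + b"\x00" + normalize(kind, raw).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_index(records, key=INDEX_KEY):
    """records: (source, kind, raw_identifier, data_category) tuples."""
    index = {}
    for source, kind, raw, category in records:
        index.setdefault(token(kind, raw, key), set()).add((source, category))
    return index

def lookup(index, kind, verified_identifier, key=INDEX_KEY):
    """Answer 'is anything stored?' once the requester has proven control
    of the email address or phone number (verification happens elsewhere)."""
    return sorted(index.get(token(kind, verified_identifier, key), set()))

# Constructed sample data standing in for exports from three sources.
SAMPLE_RECORDS = [
    ("crm", "email", "Alice@Example.com ", "contact details"),
    ("newsletter", "email", "alice@example.com", "mailing list membership"),
    ("erp", "phone", "0660 123 4567", "billing contact"),
]

if __name__ == "__main__":
    idx = build_index(SAMPLE_RECORDS)
    print(lookup(idx, "email", "alice@example.com"))
    print(lookup(idx, "phone", "+43 660 1234567"))
    print(lookup(idx, "email", "nobody@example.org"))  # no data stored
```

The key has to be kept apart from the stored index, since whoever holds both can test candidate addresses and numbers against it.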