Data Subject Communication
GDPR gives data subjects right to
Everyone has the right to ask you IF you have stored their data. Not answering within about a month gives the data subject a right to claim damages. They can also file complaints with the GDPR Authority.
The challenge here is that EVERYONE has the right to ask you IF you have personal data. You may (and probably will) get a LOT of GDPR requests from data subjects where you do not have any data at all.
As mentioned above, not giving correct answers can easily trigger damage claims and expensive lawsuits.
This is a toxic risk for most companies.
Handling these requests manually is a huge amount of labor. You actually have to check all potential data sources, from email store to mailing list, phone log, ERP system, ..., to give a proper answer to each request.
Integrating all potential personal data in one place to be able to answer these requests may sound compelling, but it can violate the GDPR principle of data minimisation. It also creates a complete profile of each data subject. This means you would need a DPO just because of this profiling. And this data silo is another single point of failure for data breaches. That's why, in most cases, the answer to this problem is not just creating a complete central data subject repository.
Our Solution for Data Subject interaction aims to give you
- Online Access to the general information about your data processing
- Online Tool to check IF data about a data subject is stored
- Automatic data subject identification
- Optional automatic personal data delivery
- Optional automatic data correction and deletion requests
while you gain
- NO effort for your company in handling requests asking IF data is stored
- NO personal data is duplicated (no additional risk for Data Breaches)
- NO critical Data Subject Profile is created
- NO requester needs to access your network directly (keeping your network safe)
The most critical piece is to protect your company from floods of GDPR requests by people who are not even stored in your databases.
If requests from actual data subjects create a large workload we can automate the actual personal data delivery, rectification and deletion.
To achieve this we invented a technology in cooperation with the Technical University Vienna to collect anonymous information about data subjects from all your data sources and to store this information (a hash code and what type of info you have) on a cloud system. This system verifies data subjects' identities by email or phone (more methods to follow) and gives them feedback on whether their data is stored.
If this system is hacked or a data breach occurs, the data found there is worthless. There are only hash codes of email addresses and phone numbers, which cannot be turned back into the original address. This makes the whole system easy to use and safe. In the Enterprise Edition, 100% of the system can be adapted to match your company's individual needs.
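A minimal sketch of the hash index described above, added here as an illustration and not the vendor's code: it stores only a hash code plus the type of data held, and answers whether a verified address or number is known. The page does not say how its hash codes are computed; this sketch assumes a keyed hash (HMAC-SHA256) with a key kept apart from the index, so that low-entropy values such as phone numbers cannot be recomputed from the index alone. All names and sample records are constructed.

```python
import hashlib
import hmac
import re

# Assumption: a secret key stored separately from the cloud index (constructed value).
INDEX_KEY = b"constructed-demo-key"

def normalize(identifier: str) -> str:
    """Canonicalize an email or phone number so equal values hash equally."""
    value = identifier.strip()
    if "@" in value:
        return "email:" + value.lower()
    digits = re.sub(r"\D", "", value)      # drop spaces, '+', dashes
    if digits.startswith("00"):            # 0043... and +43... become the same
        digits = digits[2:]
    return "phone:" + digits

def pseudonym(identifier: str, key: bytes = INDEX_KEY) -> str:
    """Keyed hash code that stands in for the identifier in the index."""
    msg = normalize(identifier).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def build_index(sources: dict, key: bytes = INDEX_KEY) -> dict:
    """Map hash code -> set of data types; no raw identifier is kept."""
    index = {}
    for data_type, identifiers in sources.items():
        for ident in identifiers:
            index.setdefault(pseudonym(ident, key), set()).add(data_type)
    return index

def check_subject(index: dict, verified_identifier: str,
                  key: bytes = INDEX_KEY) -> list:
    """Answer 'IF data is stored' for an identifier already verified by
    email or phone; returns the data types held, or an empty list."""
    return sorted(index.get(pseudonym(verified_identifier, key), set()))

# Constructed sample data sources (hypothetical names and values).
SOURCES = {
    "crm": ["alice@example.com"],
    "mailing_list": ["Alice@Example.com", "bob@example.com"],
    "phone_log": ["+43 660 1234567"],
}

if __name__ == "__main__":
    idx = build_index(SOURCES)
    print(check_subject(idx, "alice@example.com"))
    print(check_subject(idx, "nobody@example.org"))
```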