You’ve received a Data Subject Access Request (DSAR), and you have one month to respond. Somebody mentioned not to forget paper files as well as electronic. Before you begin the hunt through mountains of records, pause. We have the solution. Digital Scan and Redact.
Consider, are you confident that you can separate disclosable from non-disclosable information, securely and in a secure and irreversible way, before the required release of a document? Our ‘Digital Scan and Redact’ service will help you to meet this objective. Better still, don’t wait for a DSAR to land in your inbox, get ahead of the problem and have your documents scanned and a discovery report provided so you know at any time what Personally Identifiable Information (PII) you hold in your paper records.
We digitally scan your paper archive, allowing you to enjoy the benefits of document scanning.
Your new digital files are made fully text-searchable with our advanced OCR engine.
Then Savannah, our powerful GDPR discovery and redaction system, crawls through all of your files hunting for the Personally Identifiable Information (PII) hidden in your records.
A discovery report is then produced from which, in discussion with your DPO, actions can be taken on any necessary redactions before document disclosures.
No manual searching through thousands of sheets of paper. No photocopying and time-intensive redaction. Just the results you need.
Absolutely. The GDPR expands explicitly it’s scope beyond electronic information to ensure that data protection law cannot be circumvented by taking advantage of the information held in paper records. For example, a cross-border transfer of paper records to then be converted into electronic records outside of the EU.
This is outlined in Article 2 (1):
“This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”
When considering how to achieve compliance with data protection regulations, it is common to fall into the trap of only thinking about your electronic records (we can help with that too), but what potentially non-compliant information do you have hidden in your paper records? For instance, under the GDPR, how would you respond to a data subject’s Right to be Forgotten if you aren’t sure what you really hold on them? We can help you answer these questions and have the solutions to deliver the results you need.
Ready to get started or would like more information?
Yes, but if you choose this route, there are some substantial implications to consider.
Wasted time – days and weeks lost to labour intensive searching of all hardcopy and electronic records in efforts to respond to DSARs.
Increased risk – easy to miss data relevant to a data subject or equally severe, in a rush to respond to a DSAR, you erroneously disclose information relating to a third-party constituting a breach under the DPA and the GDPR.
The ICO has published a useful guide on how to disclose information safely. You will see the immense amount of work involved when doing so manually, and this is assuming that, to begin with, you can identify all of the relevant documentation to consider. The staffing hours required are likely to be vast, with no assurance that all bases are covered.
Don’t let your paper records trip you up when dealing with a DSAR. Use our industry-leading service, save time and enhance compliance.