DSARs and data breaches – advice on data governance from Integreon

A new article from Integreon brings us a new year reminder of the importance of looking after personal data. Called Sound governance for personal data, it is written by Clare Chalkley and Claire Frazer of Integreon’s London office.

The article’s focus is on two things. One is the power of the Data Subject Access Request, that is, the right given to individuals by the GDPR (though it builds on much older rights) to control what data is kept about them. The other is the ever-present risk of data breaches. These come in many forms, but the one which most closely affects individuals is the exfiltration of their personal data from a company which knows a lot about them.

As I write, Travelex remains unable to operate its currency exchange computers – bad news for the business, but bad news also for those whose data, including credit and debit card data, has been kept by Travelex (and may still be kept by them – it is not yet clear that any data has been removed and published to add to the company’s ransom problems).

DSARs and data breaches have this in common – they both require a business to be able to say, in pretty short order, what data it holds about individuals. Whether the business faces a demand directly from an individual or wakes up to a duty to notify individuals that their data has been compromised, the starting-point is knowing what data was held, and where, what has been taken, and what must be said to the regulator and the individuals about it.

The Integreon article’s closing paragraph includes this:

Data breaches will occur, DSARs will be issued and these may seem like an impossible, unfair burden for the organisations affected.

The answer, the authors say, lies in “robust data governance, tried and tested procedures…and the right resources engaged to analyse and review the documents”. If you don’t have those resources, Integreon will be pleased to provide them.


About Chris Dale

I have been an English solicitor since 1980. I run the e-Disclosure Information Project which collects and comments on information about electronic disclosure / eDiscovery and related subjects in the UK, the US, AsiaPac and elsewhere.