TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Daily Dashboard | DPO Confessional: Creating a process for SARs Related reading: FTC’s Chopra: US regulators must not fail us again

rss_feed

""

GDPR-Ready_300x250-Ad

There’s nothing like a data subject access request to force an inter-departmental huddle. For U.S.-based DPOs, the exercise may feel a bit like responding to a litigation discovery request. Access to what personal information is gathered and how it’s used is one of the fair information practices, already obligatory under member state law implementing the EU Data Protection Directive, so for seasoned European privacy professionals there may be only modest adjustments needed to an existing SAR policy to conform to the EU General Data Protection Regulation before the May 25, 2018, deadline. For those tackling these rights anew in preparation for the GDPR, however, it is a conceptual and operational challenge. Still, in this post for DPO Confessional, IAPP DPO Rita Heimes, CIPP/US, CIPM, notes, "the exercise of developing a SAR response protocol has positive side effects, including increased collaboration throughout the organization and a deeper organization-wide appreciation of what privacy fundamentally means."
Full Story

Comments

If you want to comment on this post, you need to login.