How to Easily Respond to Right of Access Requests

We mentioned this in a previous blog post, but it’s worth repeating: The European Union has taken an activist stance against privacy breaches by enacting the General Data Protection Regulation (GDPR). Similar legislation exists in other jurisdictions, while still others are using GDPR to model their own regulatory framework.

Why does GDPR matter?

GDPR has made headlines for several reasons, but the most important one is its penalties. Fines can range up to four percent of annual revenue (or €20 million, whichever is greater). That goes beyond a mere slap on the wrist.

Meanwhile, business media is watching for companies that incur such fines. Not even the finest spin doctors can prevent the damage a fine like that would do. The risk of massive fines and negative publicity (and the aftershocks, including lowered stock prices, ruined executive careers, even a Cambridge Analytica-type implosion) ought to tilt cost-benefit calculations in favour of compliance with privacy law.

The writing is on the wall: after years of paying lip service to privacy concerns, companies that gather customer data will find that compliance with privacy laws is less expensive than paying fines for non-compliance.

What is Right of Access?

In a previous post, we dealt with “right to be forgotten” requests. (We also spelled out the reasons why you might as well treat all customers as though they are protected by GDPR.)

Now let’s consider GDPR’s Article 15: Right of access by the data subject. This short, four-part article links to other GDPR articles, which in turn spread tentacles to other articles, and so on. The sum is a comprehensive attempt to oblige organizations to turn over any information they might have on a data subject (in part by limiting the excuses that may once have worked).

Are your systems built for compliance?

Those excuses include what is technologically possible. In truth, not all data systems make it easy to retrieve information on a data subject. Consider the ubiquitous image backup, for example. Image-based backups are the most popular type of backup and, by design, are not easy to search for a data subject’s information.

It’s time to look for technology partners who provide software designed to make GDPR compliance more than simply possible – it can be downright easy. If only there were a tool that indexes all data stores, structured and not. That tool would be easy to use and simple to put in place. And it would allow full erasures of PII data in image-based backups (but I’ll discuss Right of Erasure more in a later blog).

Look no further. With ioFABRIC software, Right of Access becomes a way of life and a way of business.

Need more proof? Contact us today for a demo. We’ll be happy to answer your questions.