When California passed the California Consumer Privacy Act (CCPA) in 2018, it put data privacy on the map in the U.S. But many companies quickly realized their data was all over the map, creating challenges to meet compliance obligations of the new law.
One of the basic rights of the major privacy laws around the world is the ability for consumers to submit a request – known as a Data Subject Request (DSR) – to see the data a company holds about them, as well as the ability to ask for their information to be deleted. While the request may seem straightforward, the process becomes more complex when considering a simple fact of business today: Data can be anywhere and everywhere within a company’s electronic systems and databases.
The typical business, regardless of size, collects data in one or all of three ways: from customers themselves, such as when they sign up for a newsletter or marketing offers; by tracking customers online; and by adding data from third-party sources to build a more personalized profile of customers. This data, then, can be held in multiple repositories across multiple departments of an organization.
Anyone with any kind of relationship with a company can submit a DSR, including existing and prospective customers, employees, contractors, job candidates, donors, and in some cases, “authorized agents,” such as a parent or guardian requesting information on a minor, or a friend or family member assisting an older relative. According to a leading technology research and consulting firm1, it costs a company on average $1,500 to process a single DSR, raising the cost of compliance from an avoidable penalty to a financial burden. At this rate, organizations that processed DSRs manually during the first year when CCPA was implemented spent approximately $192,000 per million identities to process and fulfill DSRs.
As companies collect more data, retain data for longer periods of time, and are subject to a growing number of data privacy laws, one solution has emerged to control costs and ensure compliance with the growing number of requests: an automated DSR process.
Depending on the jurisdiction of the privacy law, data subjects may make a DSR by almost any method, including online, email, letter, or phone. Most DSRs are initiated through a link from a company’s privacy policy or website. From the perspective of the consumer, the process seems simple and transparent:
On the side of the company processing the DSR, however, the situation is more involved, with added layers of complexity depending on the amount of data a company holds, the number of databases where the information resides, and the web of third parties with which the company has shared or sold data. For example, one financial services company disclosed2 that it shares customer data with hundreds of entities around the world.
At the heart of the automated process is an Administrator Console, which serves as the hub to provide visibility into the DSR journey. A basic automated DSR process generally follows this path:
While the basic steps of an automated process may be similar among platforms, the value of automation lies in its ability to reduce or eliminate unnecessary manual processes, and some platforms perform much more efficiently than others. Notably:
In all cases, by automating the DSR process, your company also is creating a trail of activity to demonstrate compliance with privacy regulations.
The Relyance AI platform provides a level of visibility into a company’s data flow that is unmatched in the industry. This data mapping is the foundation of the automated DSR process, ensuring a company can identify and collect the required data to complete the request, whether it’s for access or deletion. And unlike other automated DSR platforms, customers can customize the DSR workflow, rather than relying on add-on – and added-fee – services to complete what should become a routine process.
In addition, our automated DSR process significantly streamlines the collection of information from third parties, requiring just checking a box to select this part of the process rather than creating new code or manually contacting these outside sources. And built-in “pauses” deliver a level at checkpoints along the process so you can deliver not only an accurate report to your customer, but also a level of satisfaction that builds trust – and loyalty – to your business. Book a demo with us, or contact us here.
----------------------
When California passed the California Consumer Privacy Act (CCPA) in 2018, it put data privacy on the map in the U.S. But many companies quickly realized their data was all over the map, creating challenges to meet compliance obligations of the new law.
One of the basic rights of the major privacy laws around the world is the ability for consumers to submit a request – known as a Data Subject Request (DSR) – to see the data a company holds about them, as well as the ability to ask for their information to be deleted. While the request may seem straightforward, the process becomes more complex when considering a simple fact of business today: Data can be anywhere and everywhere within a company’s electronic systems and databases.
The typical business, regardless of size, collects data in one or all of three ways: from customers themselves, such as when they sign up for a newsletter or marketing offers; by tracking customers online; and by adding data from third-party sources to build a more personalized profile of customers. This data, then, can be held in multiple repositories across multiple departments of an organization.
Anyone with any kind of relationship with a company can submit a DSR, including existing and prospective customers, employees, contractors, job candidates, donors, and in some cases, “authorized agents,” such as a parent or guardian requesting information on a minor, or a friend or family member assisting an older relative. According to a leading technology research and consulting firm1, it costs a company on average $1,500 to process a single DSR, raising the cost of compliance from an avoidable penalty to a financial burden. At this rate, organizations that processed DSRs manually during the first year when CCPA was implemented spent approximately $192,000 per million identities to process and fulfill DSRs.
As companies collect more data, retain data for longer periods of time, and are subject to a growing number of data privacy laws, one solution has emerged to control costs and ensure compliance with the growing number of requests: an automated DSR process.
Depending on the jurisdiction of the privacy law, data subjects may make a DSR by almost any method, including online, email, letter, or phone. Most DSRs are initiated through a link from a company’s privacy policy or website. From the perspective of the consumer, the process seems simple and transparent:
On the side of the company processing the DSR, however, the situation is more involved, with added layers of complexity depending on the amount of data a company holds, the number of databases where the information resides, and the web of third parties with which the company has shared or sold data. For example, one financial services company disclosed2 that it shares customer data with hundreds of entities around the world.
At the heart of the automated process is an Administrator Console, which serves as the hub to provide visibility into the DSR journey. A basic automated DSR process generally follows this path:
While the basic steps of an automated process may be similar among platforms, the value of automation lies in its ability to reduce or eliminate unnecessary manual processes, and some platforms perform much more efficiently than others. Notably:
In all cases, by automating the DSR process, your company also is creating a trail of activity to demonstrate compliance with privacy regulations.
The Relyance AI platform provides a level of visibility into a company’s data flow that is unmatched in the industry. This data mapping is the foundation of the automated DSR process, ensuring a company can identify and collect the required data to complete the request, whether it’s for access or deletion. And unlike other automated DSR platforms, customers can customize the DSR workflow, rather than relying on add-on – and added-fee – services to complete what should become a routine process.
In addition, our automated DSR process significantly streamlines the collection of information from third parties, requiring just checking a box to select this part of the process rather than creating new code or manually contacting these outside sources. And built-in “pauses” deliver a level at checkpoints along the process so you can deliver not only an accurate report to your customer, but also a level of satisfaction that builds trust – and loyalty – to your business. Book a demo with us, or contact us here.
----------------------
When California passed the California Consumer Privacy Act (CCPA) in 2018, it put data privacy on the map in the U.S. But many companies quickly realized their data was all over the map, creating challenges to meet compliance obligations of the new law.
One of the basic rights of the major privacy laws around the world is the ability for consumers to submit a request – known as a Data Subject Request (DSR) – to see the data a company holds about them, as well as the ability to ask for their information to be deleted. While the request may seem straightforward, the process becomes more complex when considering a simple fact of business today: Data can be anywhere and everywhere within a company’s electronic systems and databases.
The typical business, regardless of size, collects data in one or all of three ways: from customers themselves, such as when they sign up for a newsletter or marketing offers; by tracking customers online; and by adding data from third-party sources to build a more personalized profile of customers. This data, then, can be held in multiple repositories across multiple departments of an organization.
Anyone with any kind of relationship with a company can submit a DSR, including existing and prospective customers, employees, contractors, job candidates, donors, and in some cases, “authorized agents,” such as a parent or guardian requesting information on a minor, or a friend or family member assisting an older relative. According to a leading technology research and consulting firm1, it costs a company on average $1,500 to process a single DSR, raising the cost of compliance from an avoidable penalty to a financial burden. At this rate, organizations that processed DSRs manually during the first year when CCPA was implemented spent approximately $192,000 per million identities to process and fulfill DSRs.
As companies collect more data, retain data for longer periods of time, and are subject to a growing number of data privacy laws, one solution has emerged to control costs and ensure compliance with the growing number of requests: an automated DSR process.
Depending on the jurisdiction of the privacy law, data subjects may make a DSR by almost any method, including online, email, letter, or phone. Most DSRs are initiated through a link from a company’s privacy policy or website. From the perspective of the consumer, the process seems simple and transparent:
On the side of the company processing the DSR, however, the situation is more involved, with added layers of complexity depending on the amount of data a company holds, the number of databases where the information resides, and the web of third parties with which the company has shared or sold data. For example, one financial services company disclosed2 that it shares customer data with hundreds of entities around the world.
At the heart of the automated process is an Administrator Console, which serves as the hub to provide visibility into the DSR journey. A basic automated DSR process generally follows this path:
While the basic steps of an automated process may be similar among platforms, the value of automation lies in its ability to reduce or eliminate unnecessary manual processes, and some platforms perform much more efficiently than others. Notably:
In all cases, by automating the DSR process, your company also is creating a trail of activity to demonstrate compliance with privacy regulations.
The Relyance AI platform provides a level of visibility into a company’s data flow that is unmatched in the industry. This data mapping is the foundation of the automated DSR process, ensuring a company can identify and collect the required data to complete the request, whether it’s for access or deletion. And unlike other automated DSR platforms, customers can customize the DSR workflow, rather than relying on add-on – and added-fee – services to complete what should become a routine process.
In addition, our automated DSR process significantly streamlines the collection of information from third parties, requiring just checking a box to select this part of the process rather than creating new code or manually contacting these outside sources. And built-in “pauses” deliver a level at checkpoints along the process so you can deliver not only an accurate report to your customer, but also a level of satisfaction that builds trust – and loyalty – to your business. Book a demo with us, or contact us here.
----------------------
When California passed the California Consumer Privacy Act (CCPA) in 2018, it put data privacy on the map in the U.S. But many companies quickly realized their data was all over the map, creating challenges to meet compliance obligations of the new law.
One of the basic rights of the major privacy laws around the world is the ability for consumers to submit a request – known as a Data Subject Request (DSR) – to see the data a company holds about them, as well as the ability to ask for their information to be deleted. While the request may seem straightforward, the process becomes more complex when considering a simple fact of business today: Data can be anywhere and everywhere within a company’s electronic systems and databases.
The typical business, regardless of size, collects data in one or all of three ways: from customers themselves, such as when they sign up for a newsletter or marketing offers; by tracking customers online; and by adding data from third-party sources to build a more personalized profile of customers. This data, then, can be held in multiple repositories across multiple departments of an organization.
Anyone with any kind of relationship with a company can submit a DSR, including existing and prospective customers, employees, contractors, job candidates, donors, and in some cases, “authorized agents,” such as a parent or guardian requesting information on a minor, or a friend or family member assisting an older relative. According to a leading technology research and consulting firm1, it costs a company on average $1,500 to process a single DSR, raising the cost of compliance from an avoidable penalty to a financial burden. At this rate, organizations that processed DSRs manually during the first year when CCPA was implemented spent approximately $192,000 per million identities to process and fulfill DSRs.
As companies collect more data, retain data for longer periods of time, and are subject to a growing number of data privacy laws, one solution has emerged to control costs and ensure compliance with the growing number of requests: an automated DSR process.
Depending on the jurisdiction of the privacy law, data subjects may make a DSR by almost any method, including online, email, letter, or phone. Most DSRs are initiated through a link from a company’s privacy policy or website. From the perspective of the consumer, the process seems simple and transparent:
On the side of the company processing the DSR, however, the situation is more involved, with added layers of complexity depending on the amount of data a company holds, the number of databases where the information resides, and the web of third parties with which the company has shared or sold data. For example, one financial services company disclosed2 that it shares customer data with hundreds of entities around the world.
At the heart of the automated process is an Administrator Console, which serves as the hub to provide visibility into the DSR journey. A basic automated DSR process generally follows this path:
While the basic steps of an automated process may be similar among platforms, the value of automation lies in its ability to reduce or eliminate unnecessary manual processes, and some platforms perform much more efficiently than others. Notably:
In all cases, by automating the DSR process, your company also is creating a trail of activity to demonstrate compliance with privacy regulations.
The Relyance AI platform provides a level of visibility into a company’s data flow that is unmatched in the industry. This data mapping is the foundation of the automated DSR process, ensuring a company can identify and collect the required data to complete the request, whether it’s for access or deletion. And unlike other automated DSR platforms, customers can customize the DSR workflow, rather than relying on add-on – and added-fee – services to complete what should become a routine process.
In addition, our automated DSR process significantly streamlines the collection of information from third parties, requiring just checking a box to select this part of the process rather than creating new code or manually contacting these outside sources. And built-in “pauses” deliver a level at checkpoints along the process so you can deliver not only an accurate report to your customer, but also a level of satisfaction that builds trust – and loyalty – to your business. Book a demo with us, or contact us here.
----------------------