Announcing GDPR Form — Simplify Subject Access Requests — and why you need one for compliance.

Johan De Keulenaer
Privacy Radius
Jun 8, 2018

Why GDPR Form?

We’ve created GDPR Form to offer companies and non-profits a new way to simplify Data Subject Access Requests (SARs), helping them manage and fulfil requests for data access, portability, and erasure. It’s an easy-to-configure web form for staff, customers and website visitors, with a monitoring dashboard and email notifications.

A SAR is the right of an EU citizen to request access to any personal data that an organisation may hold on them. Under GDPR, organisations must respond to SARs “without undue delay and at the latest within one month”.

Recital 59 of the GDPR recommends that organisations ‘provide means for requests to be made electronically, especially where personal data are processed by electronic means’. The GDPR went into effect on 25 May 2018 and outlines distinct data subject rights for EU customers and employees:

  • Article 7(3): Right to Withdraw Consent
  • Article 12: Exercise of the Rights of the Data Subject
  • Article 13 & 14: Right to Be Informed
  • Article 15: Right to Access
  • Article 16: Right to Rectification
  • Article 17: Right to Erasure (“Right to be Forgotten”)
  • Article 18: Right to Restriction of Processing
  • Article 19: Notification Obligation
  • Article 20: Right to Data Portability
  • Article 21: Right to Object to Processing
  • Article 22: Right to Object to Automated Individual Decision Making

So whatever business you’re in, if you hold personal data and are subject to the new regulation, you will have to respond to a request at some point, so you had better be prepared.

Requests can come in via many ways! 🙅‍♂️

First of all, the channel through which the request is made doesn’t matter. Requests can be made verbally, by phone or at the front desk, or in writing, be that by e-mail, a letter or, god forbid, a fax. Social media such as Twitter or Facebook can also be a valid touchpoint. It also doesn’t matter who receives the request: an e-mail to the DPO or privacy champion has just as much urgency as an e-mail to any other employee. Because of this diversity, we recommend centralising requests via GDPR Form.

The burden of getting organised. 🤯

It is impossible to estimate how many individuals will put in SARs, and there will be some who will want to put the new regulation to the test simply because they have the right. But this uncertainty should not encourage an ostrich mentality. SARs are not going away, and being ill-prepared could damage an organisation’s image and brand simply because it cannot process SARs within the one-month timeframe.

The burden you have to overcome as an organisation is recognising whether an individual is making a specific request. Individuals will probably not use exact phrases such as “right to access”, “right to be forgotten” or even “data subject request”. However, as soon as they ask, in their own words, for access to, modification of or deletion of their personal data, you have to consider this a valid request and set your process or procedure in motion.

GDPR Form Dashboard: receive, centralise and process all requests. Monitor due dates.

Why do you need (a) “GDPR Form”? 🤔

Firstly, we think a GDPR Form demonstrates that you care about GDPR, are transparent, support fundamental consumer rights and care about data privacy and data protection in general.

Secondly, the challenge is that requests can be submitted through many different channels, in different words and to different employees. GDPR Form helps by structuring all these possible options into one single flow, offering an easy-to-configure web form for your customers and website visitors that reduces administration and keeps oversight. Assign and track all requests from a central dashboard. Monitor priorities and automate responses to data subjects.

By directing all subject access requests to GDPR Form, you create a single entry point that can be accessible via your website (footer), your privacy policy, or even your apps.

GDPR Form features

To summarise, handling SARs under GDPR doesn’t have to give you headaches! That’s why we created GDPR Form, and why we think it’s useful for all companies that care about protecting the data of natural persons: their customers.

Bonus, if you’re interested in GDPR and looking for two useful tools check:

So let’s give GDPR Form a try — all our paid plans start with a 14-day free trial

./JDK
