A real-life example of a recent DSAR case, related to HR and employment.
The identities of all parties are confidential.
A former employee had made a complaint about his manager while employed.
As part of his complaint he requested access to some information about him, held by the company. This request for information was later rejected as he was no longer an employee of the company. So, the subject chose to use a DSAR to establish what information was held what personal information was held by the organisation.
How did we help?
We helped the client validate the request.
In this case communications were managed by continuing the original email conversation initiated by the data subject.
We reviewed the documents that were discovered by the client.
This was done using the integrated attachment tool in the OneTrust platform. This allowed us secure and controlled access to the documents.
We proposed suitable limitations on the documents.
After reviewing the content located by our client, our privacy consultants were able to mark up and propose exclusions and redactions of content which is not pertinent to the DSAR response.
We supported the communications to the data subject.
Explaining what data was being provided, the relevant regulatory clauses and principles that were being applied, the process that we had undertaken, the reasons for extraction or redaction of parts of the content, and the conclusions that had been found. Also ensuring that the client’s response was in full compliance with all other regulatory aspects, including a statement of the subject’s further rights under the GDPR.
We applied records management controls.
This includes setting retention periods for the DSAR file, the edited attachments held in the DSAR management platform, and all the correspondence related to the request.
A key element of the solution is the privacy management software from OneTrust. Oyster IMS have made extensive use of the OneTrust Data Subject Rights Management tool, which we find to be the most complete and efficient tool for managing DSARs.
Oyster IMS DPO as a Managed Service solution is not just about providing expert GDPR and privacy advice from qualified consultants – it also provides support and guidance on how our clients can maximise the benefits of OneTrust.