Data Subject Access Requests (DSAR/SAR) Document Review

DSARs are personal data requests from any individual (known as a data subject). In most cases, a fee may not be charged to the data subject for providing the data and the deadline for compliance is usually one month from receipt of request. The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million, whichever is greater, for organisations that infringe its requirements.

Since the GDPR rules were introduced in May 2018, there has been a significant increase in the number of DSARs received by UK businesses. The document review process is time-consuming, costly and onerous and as a consequence, law firms and in-house legal teams are increasingly partnering with legal service providers such as Global BPO to deliver a cost-effective and efficient solution.

Global BPO’s DSAR review and redaction service is managed by UK qualified solicitors and enables clients to scale up resources whilst significantly reducing costs and time spent on non-core processes.

THE CLOCK IS TICKING!

Global BPO empowers you to streamline your Data Subject Access Request.

Global BPO empowers its clients to streamline their DSAR (Data Subject Access Request) document review process by using expert teams of paralegals, legal executives and qualified lawyers, who work on our client’s preferred digital platform from Global BPO’s managed and ISO/IEC 27001 certified environment in Cape Town, South Africa.

Sourced and managed by Global BPO on our clients’ behalf, our teams deliver scalable and flexible DSAR Document Review support. With extensive experience in all aspects of the process, Global BPO works closely with its clients to ensure that the right team is in place as and when required and that critical deadlines are met.

Global BPO is software-independent and works with all proprietary and non-proprietary platforms such as Everlaw, Relativity, Symantec ediscovery, Exterro fusion ediscovery, Ringtail/Nuix, Recommind, Axcelerate, Kroll Ontrack, HP Autonomy, Logikcull, Discovery Attender and multiple others.

PARTNERING WITH LEADING-EDGE TECHNOLOGY PROVIDERS ENABLES US TO OFFER A BESPOKE SERVICE INCLUDING:

If required, Global BPO can also make recommendations for best-fit software solutions.

Benefits to our clients include flexibility, scalability, consistency of service, enhanced productivity and significant cost savings.

Daily updates ensure that the client’s requirements are met at each stage of the project and handover occurs within the agreed deadline.

DATA SUBJECT ACCESS REQUESTS – IS YOUR BUSINESS READY TO RESPOND?

As new privacy regulations emerge, responding effectively to Data Subject Access Requests is often cited as one of the greatest compliance challenges faced by organisations.

What is a Data Subject Access Request?

On 25 May 2018 Article 15 of the General Data Protection Regulation (GDPR) came into force enabling individuals to obtain a copy of their personal data as well as other supplementary information from their employers, regardless of whether they remain in their employ. Such a request is referred to as a “Data Subject Access Request” or DSAR.

A DSAR is usually submitted by an employee as part of a grievance, disciplinary or employment tribunal process.

The information that employees can request from their employers includes:

The employer is obliged to respond to a DSAR within 30 days of receipt of the same and employees do not have to pay a fee as part of their DSAR unless the request is “manifestly excessive”.

The maximum fine under the GDPR is up to 4% of annual global turnover or €20 million, whichever is greater, for organisations that infringe its requirements.

Where employees have worked for companies for many years, the amount of personal data that a company will hold on that employee will be extensive. As a consequence, Recital 63 of the GDPR states – “A data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing”.

Although DSARs are not new, the introduction of the GDPR and the changes that it brought about, have made it much easier for individuals to make such requests.

Individuals do not need a reason to submit a DSAR – subjects can request to see their data at any time.

It is important for employers to know that they do not need to provide everything – only information that is considered “personal data” is required and this does not need to include everything that mentions or refers to the data subject. Furthermore, some information can be redacted.

If the DSAR is significant or complex, the 30-day deadline can be extended by two months but a response to the request should be provided within the first month explaining why the extension is necessary. DSARs can be extremely burdensome for employers and depending on the amount of documentation that needs to be reviewed, the exercise can be very time-consuming and costly.

The DSAR/SAR Process

Global BPO works in partnership with law firms and businesses to provide an integrated and cost-effective DSAR solution:

Challenges faced by businesses

DSARs are time-consuming, costly and potentially damaging for businesses, and the demands they place on organisations are considerable. It has been reported that over 60% of businesses are struggling to manage the exponential increase in DSAR submission.

Thousands, if not millions of documents require identification, processing, de-duplication, de-threading, review and redaction. The process is rarely straightforward with customer information, data regarding other employees and forecasting data often appearing within the individual’s personal data.

The financial and human costs can be considerable. Independent research conducted by Sapio Research shows that UK businesses with 250 or more employees spend, on average, £1.59 million and 14 person years annually processing DSARs. Much of this cost can be attributed to having to gather, collate and redact information manually. Timeframe for completion is short and often challenging, placing considerable pressure on already stretched company resources.

Optimising the DSAR approach

In order to overcome such challenges, employers and law firms handling DSAR reviews for their clients are adopting alternative approaches. Businesses are able to make use of document review software that has been developed in order to streamline the document review process. DSAR legal process specialists, such as Global BPO, provide teams of experienced document reviewers who know exactly which information is relevant and needs to be provided, as well as what should be redacted.

WHY GLOBAL BPO?

Optimising the DSAR approach

Founded by lawyers in 2001 to provide bespoke legal and business process services, Global BPO understands the complexities and pressure points faced by law firms and businesses. They support a broad global client base including law firms, accountants, corporations and SMEs.

DSAR Expertise

Global BPO empowers its clients to streamline their DSAR document review process by using expert teams of paralegals, legal executives and qualified lawyers, who work on their client’s preferred digital platform from Global BPO’s managed and ISO/IEC 27001 certified environment in Cape Town, South Africa.

Sourced and managed by Global BPO, specialist teams with extensive experience in all of the major document review platforms deliver scalable and flexible DSAR document review support. Proficient in in all aspects of the process, Global BPO works closely with its clients to ensure that the right team is in place as and when required, and that critical deadlines are met.

Review speed usually varies between 40 and 120 documents per hour and tends to increase as the project progresses. Lengthy, complex spreadsheets and HR documents often take longer to review.

Proficient in document review software

Global BPO is software-independent and works with all proprietary and non-proprietary platforms such as Relativity, Luminance, Ringtail/Nuix, Everlaw, Symantec ediscovery, Exterro fusion ediscovery, Recommind, Axcelerate, Kroll Ontrack, HP Autonomy, Logikcull, Discovery Attender and multiple others.

Global BPO also offers a managed review service to include the provision of software, uploading of data and application of search criteria.

Through effective processing, the number of documents requiring review is considerably reduced, often by over 50%, resulting in significant efficiencies within the overall DSAR process.

Quality assurance and dedicated project management

In partnership with the law firm or in-house legal department, a specialist Project Manager oversees all operational aspects of the project including the initial client briefing, first-level Quality Assurance, daily client updates and Production.

Matters to be included within the client briefing vary according to the type of project and Global BPO supports clients with the process as much as required.

A client briefing would usually include the following:

In accordance with the industry standard, Global BPO’s quality assurance process includes 10 percent of all the documents which have been reviewed and redacted. These checks are randomised to ensure that the range of documents undergoing quality assurance is as broad as possible.

Channels of communication with the law firm/legal team and client are implemented to ensure that the approach towards sensitive and privileged documents complies with industry best practices.

Once the review and redaction exercise and the quality assurance process are complete, the ‘production’ documents, (those which are relevant and require release to the Data Subject,) will be handed to the client for final checks.

Upon authorisation, the production process commences in accordance with the format and style specification of the documents to be released to the data subject.

At the end of each business day (or as requested by the client,) Global BPO provides a detailed progress report including the review statistics

Information security and client confidentiality

Information security is embedded within Global BPO’s approach to handling client information. Extensive research and numerous measures and strategies have been implemented to keep data safe and maintain a high level of security at all times.

Global BPO has adopted and subscribed to the ISO27001 accreditation which defines specific requirements to protect IT as well as non-IT assets and data. These systems and processes are audited annually.

For dedicated teams, Global BPO offers the option of a fully segregated workspace, with additional biometric or tag-based access control measures in place. Only authorised personnel have access to the segregated space.

Global BPO’s focus extends beyond pure information technology safeguards, such as network, permitter, server and workstation security and maintenance, to include stringent information security policies, procedures and actions to protect and keep employees and information technology assets safe.

Cost-savings

Global BPO uses specialist document review software to reduce the document count as far as possible. The more effective the software, the lower the overall cost of the review.

Before commencing the project, Global BPO offers an electronic pre review skim and grouping service to refine further the data.

Cost proposals include highly competitive hourly rates, expected review speeds, project management and quality assurance. In the event of case settlement and withdrawal of the DSAR, Global BPO offers incremental billing based on the number of hours completed.

Global BPO’s commercial model delivers significant cost-savings, often in excess of 50%, enabling law firms to respond to their clients’ increasing cost-sensitivities and companies to make direct savings.

Flexibility and scalability

DSAR deadlines are often challenging but by working with Global BPO’s legal teams, law firms and in-house legal departments are able to scale up quickly without compromising on quality.

With extra resources available on demand from Global BPO, law firms are also able to take on additional work for new and existing clients whilst stretched in-house legal departments are able to make better use of their time.

Dedicated client management

A dedicated client manager is assigned to each project to manage the engagement process, provide a commercial proposal and ensure a seamless and efficient handover to the Project Manager.

Client relations are a core priority and Global BPO focuses on strengthening long-term trusted partnerships. Innovation, agility and a customer-led approach underpin the business and Global BPO works closely with clients to ensure services evolve in line with business needs.

DSAR SUCCESS STORY

Client Brief: A Magic Circle law firm required an urgent integrated DSAR service, drawing data from multiple devices and sources to be delivered within 10 working days.

Global BPO’s solution:

Benefits to the law firm:

Benefits to the law firm:

* Compared to average in-house costs

Client’s feedback: “Your teams managed to turn things round in a very short timeframe and had a can-do approach which made the whole process run more smoothly.”

GET IN TOUCH TODAY!

Global BPO