A Blueprint for Efficient SRRs: Mastering Your Subject Rights Workflow
On February 27 2025, the Court of Justice of the European Union (CJEU) delivered a judgment in CK v Dun & Bradstreet (Case C-203/22). This judgment clarifies the GDPR provisions regarding the right of access to personal...more
Under UK data protection legislation, individuals, also called “data subjects”, have the right to make a data subject access request (DSAR) to organisations that “process” their personal data. Similar rights are required by...more
If you don’t know where your business collects, stores, and processes consumer data, you can’t manage that data in a compliant fashion. You won’t know whether...more
As many employers will be aware, data subject access requests (DSARs) can take up a significant amount of business resources and are a common tactic used by disgruntled employees. A recent decision from the Court of Justice...more
Both the EU and UK GDPR grant data subjects rights in relation to their personal data. Article 15 gives data subjects the right to access their personal data and increasingly, data subjects are exercising this right by...more
For the most part, businesses gather employee data without too much thought. Sure, some data is obviously private, like employee social security numbers, but other than that, businesses can pretty much do what they want with...more
At midnight on the 25th of May, 2018, millions of people were suddenly in possession of legal rights they lacked minutes before thanks to the General Data Protection Regulation (GDPR). Among those rights were the ability to...more
Data is what makes the modern business world go around. But as the amount of data that organizations collect and process grows, so, too, do concerns about data security and how organizations respond to DSARs. These...more
Editor’s Note: On September 29, 2022, HaystackID shared an educational webcast on the topic of US privacy law. As privacy continues to move to the forefront of not only information consideration but of business concern for...more
On 18 July 2022, the UK government introduced the Data Protection and Digital Information Bill to Parliament for its first reading. Following the UK leaving the European Union in 2020, the Bill sets out the proposed reforms...more
Data subject access requests (DSARs) are a cornerstone of the data protection regime, being fundamental in helping individuals to exercise their rights. If individuals do not know what information an organisation has about...more
Thanks to GDPR, every individual has the right to request and access data that organizations hold about them. This poses a significant challenge for organizations, as this information can be located anywhere your organization...more
Data protection laws, such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are a major cause for concern for organizations. While the biggest fines garner headlines, such as...more
Selected Developments in U.S. Law - SEC Proposed Rule Will Require Private Funds to Report Certain Cyber Events On January 26, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules to enhance hedge fund...more
UK employers have just about got used to the idea of GDPR, but the government has launched a consultation on reforms to the data protection regime....more
In the last few years, data privacy laws and regulations have been big news. Much of the coverage—including one of our recent blog posts—concerned website compliance. Companies scrambled to post notices and forms on their...more
Editor’s Note: On May 19, 2021, HaystackID shared an educational webcast designed to inform and update legal and data discovery professionals on how organizations can better manage the volume of DSAR, PII, Discovery, and...more
If you are responsible for handling data subject requests made pursuant to the EU General Data Protection Regulation or verified consumer requests made pursuant to the California Consumer Privacy Act, chances are you have...more
Back in November, I wrote on this blog about Big Data being one of the challenges that is forcing technology to move more to the data sooner in the discovery process. One of the most notable fun facts that illustrate just how...more
When it comes to data privacy law, change is the only constant. The global pandemic unleashed a new set of risks related to data privacy that companies will have to confront in 2021. But despite the COVID chaos, data privacy...more
As more organizations find themselves under scrutiny for the way they collect and use consumer data, maintaining CCPA compliance has never been more important. CCPA has been introduced to give control back to consumers,...more
In my latest post, I outlined the process involved in the actual response to DSAR requests. In my last article of this series, I will discuss the best practices and workflows that your organization should follow when...more
For any organization that deals with privacy issues in the European Union and other privacy-centric jurisdictions like the United Kingdom, an effective information governance program is a must. A program that includes a...more
The COVID-19 virus outbreak poses serious challenges to businesses operating globally, including in Europe. In response to the outbreak, governments worldwide are taking increasingly severe measures to fight the pandemic, and...more
The words “hodgepodge” and “patchwork” are overused in the world of risk and compliance, but they’re certainly appropriate for describing the myriad data privacy regulations popping up around the world. In 2018, the world...more