From GDPR to CCPA, the right to data access is the Achilles’ Heel of data privacy compliance and customer trust – Part 3
This blog is the third and last one of a series dedicated to Data Subject Access Requests (DSARs) and its importance to regain customer trust.
In the first and second blog posts we explained the importance of DSAR as well as how the customer experience can be impacted if the process is not well managed. In this last part, we will go through a few tips that could help you to be DSAR champions!
How to succeed with DSARs
Although our GDPR benchmark research highlighted a low level of maturity with respect to data privacy, it was also extremely useful to highlight how best-in-class companies differentiate.
Integrate DSAR in your customer experience
To the data subject, a DSAR appears as a customer service, rather than a legal procedure: best in class companies understand that privacy matters to their customers and that answering the DSARs creates a differentiated customer experience. As a result of their answered requests, customers are reinsured of their suppliers’ ability to protect their personal data and use it only for the right purpose.
Set up a workflow management
DSAR is managed as a workflow: in case a request is not addressed in real time (which only a very small fraction of organization do), the data subject is informed of the progress of his or her request and what the current process is. When the data subject needs to provide additional information, for example for identity checking, he or she is informed clearly and reminded in case he or she doesn’t answer on delays.
Make it frictionless and smooth
Data subject data is rendered in a meaningful and easy to consume way. No matter if the data is rendered online through a portal or as an electronic file, not only do best in class companies deliver personal data in a complete and understandable format, they do it in a didactic way. This helps to explain to the data subject why the supplier needs this data and how a data subject will benefit from this.
Automate the process
The data collection process is automated. Best in class answer in a timely manner. As mentioned in part 2 of the series, 30 days might be good enough for complying with the regulation, but it is beyond what a data subject would consider as a decent timeline. For a data subject, DSAR sounds like a basic request. Why should it take so long for an organization to share personal data? Could this indicate a lack of transparency? A lack of control? Or slowness to enter the digital age? Best in class companies leave no doubt that they take privacy very seriously and address it in a professional and timely way.
Lessons learned from the best in class
One great example of how to address DSAR with a customer centric approach is Accor. Customer experiences are key in hospitality, and as a global leader in this industry, Accor has transformed its business around the idea of “Enhanced Hospitality,” with tailor-made services to anticipate the slightest wishes of its guests and make them experience moments of emotion. The customer loyalty program is so important to Accor that you see the brand of their new program on the chests of some of the most globally knows sports stars, such as Neymar, Mbappé, and the rest of the players of the Paris Saint Germain soccer team.
This type personalization requires responsibility with data. So, when GDPR came into effect, Accor engaged into a modernization of the privacy program leveraging their brand-new data lake, and using Talend Data Fabric modern data management technologies, such as Talend Data Catalog and Talend Big Data to discover, categorize, protect, locate, reconcile and share personal data. As the result, they have been able to reduce the time it takes to answer DSAR from 30 to 6 days.
Accor data transformation program, with data privacy at its core, is further described in this success story
Taking these first steps and putting data governance at the heart of your data strategy will help you to master DSARs for GDPR, CCPA and other data protection regulations that could come into force in 2020 and beyond.
For more information about GDPR and CCPA compliance, please visit: https://www.talend.com/solutions/data-protection-gdpr-compliance/