Martin Bonney, Nuix: Using Nuix Discover to Help Law Firms with Data Subject Access Requests

Extract from Martin Bonney’s article “Using Nuix Discover to Help Law Firms with Data Subject Access Requests”

A couple of years back, when the GDPR was about to come into force, there was a great deal of talk about Data Subject Access Requests (DSARs)[1]. While European residents had long held the right to request their data, the fact that it was now free, and that there were potentially significant penalties for non-compliance meant that many organizations expected a tsunami of DSARs. There was an increase but perhaps not a tidal wave. Recently there has been speculation (in the wake of the COVID-19 pandemic and the associated job redundancies) that we are likely to see another surge.

It is important to understand that DSARs are about the rights of a data subject. A data controller must not only confirm whether it is processing the data requested and provide a copy, but also document:

  • The purposes of processing
  • The categories of personal data concerned
  • The recipients or categories of recipient to whom the data has been disclosed
  • The retention period for storing the personal data or, where this is not possible, the criteria for determining how long it will be stored

Read more here