Skip to content Skip to footer

Loading Results

How eDiscovery technology solves top DSAR challenges

28 May, 2021

The worlds of data protection and eDiscovery are becoming increasingly intertwined, particularly since GDPR came into effect. The way organisations respond to Data Subject Access Requests (DSARs) illustrates the issue. Due to nearly identical workflows - from data identification, collection, processing, review, and the ability to find, isolate, redact, and manage Personally Identifiable Information (PII) - there are challenges for organisations who rely on data and managing DSARs. Here, we look at the issues, and discuss five ways to leverage your eDiscovery technology to solve your challenges.

Dublin's cityscape during the night.

The top DSAR challenges

Volume increase

For organisations that regularly receive DSARs, most know how time consuming and expensive they can be. This is especially true when there is no process in place and no dedicated resource to handle the requests. While DSARs existed well before the GDPR came into effect and data subjects already had the right to request and view the personal information that organisations hold on them, the GDPR brought awareness of data privacy rights into the mainstream. This new visibility into personal data and how organisations access, store, and use that data has created a surge in DSAR requests. In parallel, electronic data volumes and types of data in general have continued to explode making the process of identifying, reviewing, redacting, and producing relevant data sets in response to a DSAR more complicated than ever.

Short response deadline

With this ever-growing inventory of data, it is often time consuming and overwhelming for organisations to respond in time to comply with the GDPR’s mandatory 30-day deadline for DSAR requests. The more data organisations hold and the more unorganised their data inventory is, the greater the difficulty in meeting this deadline. Often staff from core business functions are required to drop existing commitments and prioritise the manual collection of data for weeks at a time. This can be very costly and is extremely disruptive for any lean organisation. 

But there are multiple automated solutions that can be employed to minimise disruption and lower the burden. For example, organisations should look to take advantage of the built-in functionality present in most major cloud solutions. These include setting automatic data retention and deletion policies. Reevaluating legal hold policies to ensure all data is not held in perpetuity can help reduce data volumes. 

It is easy to see the parallel with the eDiscovery industry. The electronic aspect of discovery, involving identifying, collecting and producing electronically stored information (ESI) in response to a request for production in a lawsuit or investigation is close to DSAR. eDiscovery veterans have spent years developing technology to make finding relevant data quicker and more efficient. With the help of a mature, cloud-based eDiscovery platform, organisations can handle large volumes of DSARs while creating a scalable, auditable, and repeatable data access process. Where a mature eDiscovery workflow already exists it can provide the perfect solution to get ahead of DSARs and create an efficient and less costly process.

With the GDPR’s specific mandate that organisations should not retain any more data than is necessary, creating rational and customised data retention policies will limit the amount of data needed to be searched, reviewed, and redacted with every DSAR request, making it much easier to respond within the 30-day time frame.

Five ways to solve DSAR challenges with eDiscovery technology

Take advantage of robust dashboards

When you adopt a cloud eDiscovery platform to handle DSAR requests, you immediately have a one-stop shop for handling DSARs from identification all the way through to export. One particularly helpful feature typical of eDiscovery platforms is a robust dashboard that can keep track of all your DSAR requests in one place, including completed DSARs. These dashboards were developed to organise complex eDiscovery matters involving multiple custodians and large volumes of data and can be tailored to perfectly fit DSAR requests.

Utilise legal hold technology for notifications

Legal hold technology is an integral part of eDiscovery workflows and involves notifications sent from an organisation's legal team to employees who may be related to an impending litigation or investigation. It instructs the employee not to delete ESI until further notice. In the context of DSARs, and in case the DSAR may be headed to future litigation, eDiscovery technology can issue legal holds and send notifications automatically for all the parties involved in the DSAR.

Collect data directly from the organisations’ cloud environment

One of the biggest challenges in any DSAR is quickly locating and collecting all of the data pertinent to the data subject making the request. With best-in-breed cloud eDiscovery platforms, anyone handling a DSAR request can connect the platform directly to the custodians’ cloud environment, collect the necessary data, and upload it straight into the platform without needing to involve IT. This can significantly reduce one of the most time-consuming parts of any DSAR request.

Use advanced searching and redaction technology

At the top of the list of seemingly impossible tasks to achieve in a strict 30-day timeline, is manually searching and reviewing a large data set while also finding and redacting PII. This is an area where eDiscovery technology excels with extremely robust searching functionality and automated redaction capabilities. Redaction capability is critical in a DSAR to ensure that PII is not revealed and this function has advanced dramatically in recent years to include redaction on native files and technology that can identify key terms i.e. phone numbers or addresses and automatically redact them in your relevant data set.

Export data set directly to data subject

At the end of every DSAR, once you’ve identified and reviewed your relevant and redacted data set, is the need to send that data to the data subject. This is akin to the stage of eDiscovery where after a painstaking process of collecting, processing, searching, reviewing, and redacting, you are ready to produce your data set to opposing counsel. eDiscovery technology makes this final step simple by allowing you to choose your desired output format and package it for export directly to the data subject. From here, you will also have an audit trail of exactly what you exported in every DSAR.

We are here to help you

As DSARs continue to increase under the GDPR and data volumes explode, we know that the challenges you face are growing. There’s no doubt that technology can be the solution as organisations seek to create a scalable, auditable, and repeatable DSAR process. We are ready to help you as you face the future. Contact us today to learn more.

Contact us

Pat Moran

Partner, PwC Ireland (Republic of)

Tel: +353 1 792 5308

Will O'Brien

Director, PwC Ireland (Republic of)

Tel: +353 1 792 8988

Sarah Ledgerwood

Manager, PwC Ireland (Republic of)

Stephen O'Keeffe

Manager, PwC Ireland (Republic of)

Tel: +353 21 420 4235

Follow PwC Ireland