Redact.cc innovate with simple, adaptable solution to fulfilling GDPR-based Subject Access Requests
A new service promises to streamline the requirement for the ready availability of personal data in order to fulfil Subject Access Requests. SARs, as they are commonly known, arise from the obligation under the Data Protection Act (GDPR) 2018 to provide a copy of information held about an individual by an organisation or body within one month following a request. Whilst extensions of up to two months are permitted where requests may be numerous or particularly complex, a response within one month to explain why an extension may be necessary is still required. The Act discourages the charging of fees for copies of personal information, save where requests are either numerous or excessive. Additionally, requests should be fulfilled in commonly-used formats, except for those cases where disproportionate effort would be required to do so. Given that SARs can now be made - validly and legally - by verbal means and even social media, meeting the challenges of compliance undoubtedly poses potential difficulties at a time when many organisations and bodies will be facing pressures from all directions.
Tech Startup Proposes Rapid Solution
Given the present-day requirements for complying with personal data requests within the legal timescales permitted, many firms and organisations have struggled to meet these obligations, leading to the possibility of non-compliance with data protection laws, and the potential for complaints being filed with the Information Commissioner’s Office. The additional complexities arising from remote working, increased staff absence and other consequences of the Covid-19 pandemic have drawn together something of a perfect storm in terms of a reliable response to a fairly immovable legal requirement. A swift and comprehensive solution has been elusive - until now.
Redact.cc’s general-purpose solution uses a bespoke process to identify personally identifiable information (PII) in any standard office document or screenshot, create a secure index of subject information, and automatically redact all PII for compliance purposes. The systems employed can also identify that small number of cases where, under the terms of the Act, withholding information or data from the originator of the request would be not only permissible, but legal and proper: for example, where data sharing would reveal an ongoing police or tax authority investigation. The all-in-one solution is now available to private and public sector clients on normal commercial terms.
Redact founder and CTO Jamie Howarth said: “This project was born out of a need I had to remove sensitive information from a screenshot of my own technical blog. Given the widespread and growing institutional mistrust we see as part of today’s political and social landscape, it became quite clear to me that a reliable technologically-based route could engender trust and confidence in the openness and transparency of something which is now highly visible in the realm of modern individual rights. If a robust and unbiased tool were used which would be as efficient as it was impartial - in other words, something that would remove scepticism - I quickly realised that the potential was there to extend the idea into a much more wide-ranging process, covering private data in an era that values individuals’ data ownership, and giving organisations the easy-to-use facilities to respect their customers’ rights. In such a way, we could conceivably see a significant win-win situation, with less burdensome processes for organisations and at the same time a level of openness that customers could trust.”
As well as being suitable for public authority, justice & protection purposes, the solution is CSA STAR Level 1 Certified, has SHA256-bit encryption, and works with Box, Dropbox, Google Drive and OneDrive. It has also been admitted to, and is available on, the UK Government’s cloud marketplace, G-Cloud 12.