As GDPR comes into effect this week, much is being written and discussed about its potential impact on organisations. One question that seems to be dividing opinion is whether there will be a big upsurge in the number of DSARs (Data Subject Access Requests) an organisation receives.
Now, DSARs are not new in GDPR. They were part of the Data Protection Act: any individual can request to see the data an organisation holds about them. The difference under GDPR is that an organisation can no longer charge a £10 fee for completing a DSAR, and the time they have to respond has been reduced from 40 to 30 days.
One school of thought is that people aren’t too bothered about DSARs; they just want information to build a case for a complaint or other activity with an organisation. They don’t actually want to know everything. Bank customers may be shocked if they ask for a DSAR and five boxes of A4 arrive with every bank statement for the past 20 years! This view encourages organisations to reduce the scope of a DSAR at the outset to provide just the information the customer requires.
The opposite view is that, now a DSAR is free and there are potential consequences under GDPR if the data held is found to be incorrect, everyone will want everything and there will be a deluge of requests from customers keen to take back control of their data.
It would only take a bit of championing by the likes of Martin Lewis for this to happen. I wrote more about “Is GDPR the next PPI?” in a blog post last year.
To gauge which of these two outcomes is more likely, we are running a poll on Twitter this week, so let us know if you have raised, or are going to raise, DSARs and I’ll share the results with you next week!