Select Page

Accelerating Subject Access Request response time

Author: Nate Latessa, President

30 Day Challenge

An ongoing challenge to any organization is how to quickly and accurately respond to a subject access request (SAR). What was once difficult becomes even more challenging with new GDPR rules. Response time has been shortened and is clearly stated in Article 12(3) of GDPR:

“The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month [emphasis added] of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.”

In other words, as part of GDPR companies are now required to respond to a data subject within one month of their request for information. This time frame has been reduced from a previously stated 40 days. The major challenge is how to search across hundreds or thousands of computers containing unstructured data to obtain an accurate accounting of subject information? And more importantly, how can that be done quickly and efficiently?

Challenge Accepted

Heureka is meeting the new time requirement head on! Our unique approach creates a full text/metadata index for each installed endpoint or file share and leaves that index in place. In other words, subject data is never centralized to a new location for searching or analysis. This approach is critical in a GDPR-compliant environment as Heureka does not create copies of data or centralize information to perform tasks. To further enhance the security of data, Heureka has flexible installation options including deployment in an on-premises format if required.

Once deployed, a user can begin fielding SAR’s and creating searches based on keywords, Boolean queries, regular expression patterns, file names, date ranges, or other criteria. Additionally, Heureka has built-in auto categorization tools which do a daily classification and tagging of potentially sensitive information. A search of hundreds or thousands of machines begins yielding results in one minute or less!

Extended capability

Reporting on a SAR can easily be built based on your Heureka’s search results. More importantly, Heureka extends your GDPR compliance capabilities by including the ability to quarantine or delete files on endpoints using the same Heureka interface. This helps clients comply with Article 17 “Right to be forgotten”. We will explore this area of Heureka’s software in a future post.

If you would like view or download Heureka’s Subject Access Request use case, click Heureka Subject Access Request.