An average mid-sized British company spends approximately $2 million every year processing Data Subject Access Requests (DSAR) under GDPR.
This is according to a new report from UK-based data privacy start-up Guardum, which claims businesses stand to gain much by automating the process.
Based on a polling 100 UK Data Protection Officers, the report states that almost half would love to invest into automating DSARs, while four in ten would love to see the 30-day timeframe for standard compliance extended.
On average, according to the report, just over half of DSARs are completed within 30 days, costing $5,982.25.
Guardum notes that almost half of businesses are struggling to exchange data between departments in a fashion that abides by privacy regulations.
There also seems to be a divide among DSAR managers on the topic of privacy. Four in ten believe there needs to be a trade-off between pragmatism and an individual’s right to data privacy, while a quarter believe an individual has an unequivocal right to transparent access.
Further, quarantine measures brought about by the ongoing pandemic are also likely to cause headaches for DSAR managers, with three quarters already struggling to meet data compliance obligations during the lockdown. A third (30 percent), meanwhile, expect a massive increase in DSAR requests post-Covid return to work.