“How do the other companies master the DSR process? Before we dive into examples from some of the top DPOs of the tech world, let’s review the requirements and options.
[Requirements]
Upon request, companies must grant a copy of the user’s personal data, the reasons the company holds that data, and the category it falls under. Under the GDPR, companies must also share any entities they’ve shared the information with, how long they’ve had this data, whether it is automatically used, and how it affects the company’s processes.
In short: You must be able to share the who, what, why, and how of a user’s data in an easy-to-understand format at any time. This means you need systems that make this process quick and painless for your organization and consumers.
[Two Main Options for Handling DSRs: Manual and Automated]
There are two main ways you can go about this: Manually or Automated.
[Manual]
If you love a good DIY approach, you’ll enjoy more control over the data and processes… but as with any DIY project, the benefits end there. Manual DSR processes require significantly more time, resources, and the possibility of error. You’ll need to organize, review, and respond to every request, one by one. This takes even more time using methods like email instead of online forms.
While it may save money initially, it costs more labor, time, user experience, and potential legal or reputation consequences later.
[Automated]
Your other option is a more automated approach: specifically, by using a privacy management platform. This costs in software but saves in time. But time is money, right? The less time you spend processing data requests, the more time you have to work on more profitable tasks. Plus, you can fulfill the request faster and more accurately, without human mistakes: Look for an automated software or system that prioritizes organization, privacy, and accuracy. This way, there are no human errors. Privacy management software makes following rules, creating workflows, and remaining in compliance automated. It’s all about working smarter, not harder.
[Handling DSRs From the Top DPOs of the Tech World]
Over the past year, our team had the opportunity to interview some of the most successful DPOs in the tech world.
[VIDEO EDITING: Put all of these logos on screen while speaking: Wix, Udemy, ASOS, Klarna, Amdocs, Grindr, Logitech, Microsoft, Cloudflare, iRobot]
Let’s hear what the pros have to say about handling DSRs and creating a positive privacy experience:
[Wix’s DPO, Lior Saar]
First, we’ll hear from Wix’s DPO, Lior Saar. If you aren’t familiar, Wix is one of the top website development services in the world. Not only do they ensure their customers enjoy a great privacy experience, but they ensure the websites their customers create offer the same level of privacy with built-in consent forms. While the company manages DSRs and other privacy tasks with internal tools, something amazing happened after introducing a new consent management banner:
“We were truly surprised that after implementing our consent banner on Wix, we witnessed an increase in our conversion rates in certain geos. We augmented our users’ trust and received improved conversion in return, it’s so simple as that.”
That’s right — their brand and business improved simply by making it easier to opt-out.
[Udemy’s DPO, Edward Hu]
When interviewing Udemy’s DPO, Edward Hu, we gained valuable insight into the company’s success. As he said,
“In terms of advice, for companies with a medium or high volume of requests, I’d recommend using a third-party solution. I’ve managed data subject requests manually, using only email and spreadsheets, and the difference is huge. Having a third-party solution also centralizes all of that information into a single place so that you can demonstrate your compliance should the need arise. I’d also recommend developing customer self-service tools. In addition to achieving a scalable solution and reducing operational burden, customers like having the ability to directly access, correct, or delete their own data or opt-out from marketing communications.”
This is just a scratch on the surface of the knowledge they have to share. If you want to hear from more DPOs, you can access them on our blog. But in the end, we learned that investing in more transparent, seamless user data controls can quite literally reward your organization with increased trust and conversions. Even more, a third-party solution and software can allow you to scale your business and create a more positive experience for both you and your customers.
In our next video, we’ll continue learning more about how to succeed in the DSR process, exploring the best response to a DSR and a simple 4-step process for completing them.”
