The manual fulfillment of these rights by organizations is a slow, expensive, and insecure process. This is because, without an automated system to correlate identity and personal data, the resolution of such requests can translate into manual investigations to:
Verify the identity of the person making the DSR.
Discover which systems and which objects within those systems hold the data subject’s personal data. A typical enterprise may have hundreds or thousands of such internal and external systems.
Discover current owners of those systems and objects. In a typical enterprise, the ownership changes regularly.
Engage owners of systems and objects over email or other methods and share the details of the subject.
Work with each system and object owner to comply with the request. The actions required vary depending upon the request type and the legal reasons for data retention.
Combine the products of all parts of the investigation into one report for approval by the stakeholders and the legal team.
Securely share the report with the data subject.
Keep an audit trail of all the steps taken to comply with the request and prove compliance in case of legal issues.
Doing all of the above tasks manually for each subject request is costly, inefficient, and most importantly, prone to human error and compliance lapses.