Both the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in the United States effectively put in place greater restrictions around how companies collect and process the personal information of consumers and employees. “Right of access” requests from data subjects, particularly, are still creating compliance headaches.
Among the most onerous requirements under the GDPR and the CCPA from a compliance and operational standpoint is responding to right of access requests from data subjects, including customers, clients, employees, and third parties. This has proven to be quite a costly endeavor for companies. According to a survey conducted by Gartner, organizations spend an average of $1,400 to manually process a data subject access request (DSAR), and it can take at least two weeks to respond to each one.
