New research has revealed that Data Subject Access Requests (DSARs) are costing individual UK businesses between GBP72,000 – GBP336,000 each year.
A DSAR is when an individual makes a request to a company to see all the data it holds on them. Complying with such a request, as business owners are legally obliged to do, can be a costly process, particularly if a company receives a large volume.
Analysis from The Data Privacy Group proves this, having found large UK companies are handed a minimum of 6 DSARs a month, rising to 28 for some. With each request worth around GBP1,000, the cost quickly adds up.
The number of DSARs a company receives is often a reflection of how disgruntled its workforce and customer base is. Unsurprisingly, the coronavirus and its subsequent impact on people’s employment and the standard of service companies were capable of providing contributed to a sharp rise in requests, with the furlough scheme and redundancies the primary motivators.
In order to keep cost of processing the requests down, The Data Privacy Group suggests companies invest in an operationalised privacy program. Not only will this enable companies to effectively deal with the requests as and when they come in but, and perhaps more importantly, it ensures total compliance across the business.
Many organisations are put off from setting up a privacy program because of its initial up-front cost. However, The Data Privacy Group warns the cost of non-compliance is far greater than this price, and will save companies money in the long run.
Peter Borner, co-founder of The Data Privacy Group, comments: “Over the course of the pandemic, we have seen a rise in the number of DSARs being made, which in our experience is often the result of unhappy employees or customers.
“By enlisting the support of an operationalised privacy program, business owners can be confident they are managing their incoming requests in an efficient and compliant way. For instance, understanding which information they are obligated to share, and which they are not. While it is true getting set up will cost a company an initial upfront fee, the company will make this money back from how effectively it manages any future requests”