驾驭复杂的 DSAR — DSAR 的多司法管辖区视角.pdf

《驾驭复杂的 DSAR — DSAR 的多司法管辖区视角.pdf》由会员分享，可在线阅读，更多相关《驾驭复杂的 DSAR — DSAR 的多司法管辖区视角.pdf（12页珍藏版）》请在三个皮匠报告上搜索。

1、Navigating Complex DSARs:a Multi-Jurisdictional PerspectivePanellistsHelen AllenLondon Stock Exchange GroupCIPP/E,CIPM,Data Protection Officer and Director of Privacy ComplianceHelena BescosCostco Wholesale European Counsel and Data Protection OfficerBrad BryantAonChief Privacy OfficerGeraldine Scal

2、iBCLPPartner,Data Privacy&SecurityRecent Trends&StatisticsAdapting your DSAR Process to Local RequirementsCase StudyTop TipsAgendaIn 2022,the ICO reported over 15,000 subject access complaints.2023 Survey(Source:EY)60%of respondents reported rising DSAR requests in their organisations,driven primari

3、ly by heightened awareness of rights.Complaints about DSAR handling are common,reported by 51%.Claims management companies(CMCs)are upping the ante,causing concern for DPOs.Bulk DSARs challenge 33%of organisations.In-house management of DSAR dominates at 88%,across multiple departments(HR,IT,Legal,c

4、ompliance).Recent Trends&StatisticsRecent Trends&Statistics(contd)B2B DSARsHR-related DSARsCustomer-related DSARs Weaponisation of DSARsSystematic,third parties DSARsScrutiny over the interpretation and implementation of the right of access by organisationsAdapting your DSAR Process to Local Require

5、mentsDSAR obligations under many local laws are similar to the GDPR with local specificitiesScope:GDPR(EU/UK),US Time to respond:o1 month/30 days+extension:EU,UK,Canada,Australia,Singapore,Thailand,South Africao 1 month/30 days+extension:CCPA(US 45 days),Hong Kong,Mexico o 1 month/30 days+extension:

6、Taiwan(15 days),Costa Rica(5 days),Panama,South Korea and Columbia(10 days),New Zealand and Peru(20 days)onot specified/without undue delay:Japan,PhilippinesExemptions:oLack of uniform interpretation in GDPR countriesoUSCase StudyCase Study(contd)Additional Background Information