Summary of the regulation step
- Develop a process to:
- Receive customer requests
- Process personal data to machine format (CSV)
- Start with just a form and a process, add automation later.
- Can not charge for access
As people you store data on can request their Personal Private Information you will need a system to export and share this.
To start with this can be manual and give yourself 72 hours to carry it out, but if the system can be automated by developers or partners, then this process will cost you less time and quicker to the person requesting. Remember some data may be stored in a 3rd party system so different processes might be needed to collate everything.
It can also be a reason to re-evaluate current systems and simplify the number of partner systems.
We suggest the first step is to start a queue system to log requests. Then timely nature can be followed through and tracked for performance. Give the customer the ability to use a web form on your website or when on the phone, or in writing. So that you can be ahead of the request and frame the commitment and expectations.
The data provided need not be presented in a designed form, it can be as simple as a CSV file. The accompanying letter or email would be good to be clearly worded, outlying the rights and what actions to take if anything they would like to update.
You were able before under the laws to charge a small fee for this, and after May 2018 you will not be able to, so his makes automation the more valuable.