DSARs (Data Subject Access Requests) are a fundamental part of the GDPR regulations. This allows for individuals to request any data which is held on them by a company. However, recently DSARs have been used against businesses with the aim to cause disruption and put pressure on HR teams. This therefore is know as the weaponisation of DSARs.

How Are DSARs Being Misused?

DSAR requests themselves aren’t the problem and when legitimately used, it allows an ex-employee or individual to find out if a business may be holding some data on them and request for it to be deleted. The issue only arises when these DSARs are being misused, and an individual sends multiple requests in order to disrupt the business. Examples of DSARs which have been weaponised include the following

• Ex-employees seeking leverage or revenge– Former employees may file DSARs to pressure businesses.
• Competitors fishing for information – Some requests come from rival businesses under the guise of customers or ex-employees looking for insights into operations.
• Mass requests to disrupt – Multiple individuals, sometimes coordinated, may submit DSARs to create administrative issues and disruption.

What is the Impact on Business?

DSAR requests take up a lot of resources and time. It can take multiple weeks to look through your business to find where any data on an individual is being held and even then, its difficult to be certain that you have found everything. If an organisation fails to complete this request within a month, there are large penalties and fines which can harm your business long term. This is why it is important to be prepared in case of a DSAR and know that you can give this information within the required month.

How Can Businesses Protect Themselves?

The most simple way that a business can protect themselves from DSARs is to prepare well in advance. The most simple way of doing this is to invest in data management tools which can automate the DSAR process.

It’s also important to have a clear DSAR process so you know who exactly within your business to contact when/if a request comes in. By having this process, you put yourself in the best stead to complete the request within the required one-month period.

Weaponisation of DSARs: How Three Cherries Can Help Protect You

If your business has suffered from DSAR weaponisation in the past or are afraid of this rising threat, its important you get prepared and create a process. At Three Cherries, we can implement data management tools to simplify this process and help you avoid any penalties and fines. If you need any more information or help surrounding DSARs, contact us today. At Three Cherries, we take the gamble out of business technology.