Nov 14, 2014
This blog text aims to show how companies should provide consumer access in accordance with the law and good practices. The consumer data access is one of the main fundamental rights of the Data Protection Act where individuals are seen as the owner of their personal data. At the same time consumers have become more aware of the value of their personal data. If this consumer right is neglected or left without prejudice, many of the potential uses of personal data and innovations which have not yet been explored can be threatened.
Without internal organization process these requests might cause extra burden, extra effort, hassle and additional costs on company’s daily business operations. Developing a Consumer Request Process inside an organization makes these requests cost efficient and organization effective way to respect consumer rights. But where to start?
Few good starting points are mentioned below:
Why should you have a process for customer access requests?
If there is no defined process on handling customer access requests, it is also likely that an organization fails to comply with them. Well-designed process allows you to get rid of time-consuming ad-hoc case solving, and most of all, successfully comply with this obligation without interference of the data protection authorities.
Your organization should see data access requests as an opportunity to improve customer service and service delivery but also as a possibility to increase levels of trust and confidence in information-handling in your organization. The only way is to be open to individuals about the personal information you hold about them by giving consumers the right to view, correct and delete the personal data stored about them. This involves systematic changing in the way companies think about the ownership of personal data.
Information commissioner’s officer (ICO) – Subject access code of practice. Dealing with requests from individuals for personal information. http://ico.org.uk/for_organisations/data_protection/~/media/documents/library/Data_Protection/Detailed_specialist_guides/subject-access-code-of-practice.PDF
Finnish Data Protection Ombudsman. http://www.tietosuoja.fi/material/attachments/tietosuojavaltuutettu/tietosuojavaltuutetuntoimisto/oppaat/RTLvP7vGp/Henkilorekisteriin_talletettujen_tietojen_tarkastaminen_22.8.2014.pdf