DSAR Response Guide for Retailers to Ensure GDPR Compliance

Executive Summary

The retail industry across the EU is experiencing a significant increase in Data Subject Access Requests (DSARs), often triggered by customer complaints or police inquiries. Retail store surveillance footage is frequently requested in response to these requests. As the volume of DSARs grows, retailers are struggling to respond promptly while ensuring the secure sharing of this footage.

The DSAR Response Checklist for Retailers and GDPR Compliance offers a systematic framework to help retailers manage these requests effectively and ensure GDPR compliance. This checklist is designed to guide retailers in assessing, handling, and redacting personally identifiable information (PII) in retail store surveillance footage, ensuring compliance with GDPR, and protecting customer privacy.

By following each section of the checklist, retailers can ensure timely DSAR response and maintain GDPR compliance through:

• Establishing structured protocols for receiving, verifying, logging, and acknowledging DSARs to meet strict timelines.
• Locating personal data across systems, recognizing types of personally identifiable information (PII) captured, and applying appropriate legal exemptions.
• Implementing AI-powered redaction technologies to ensure that PII in videos, audio, and documents is securely obscured without compromising necessary information.
• Enforcing encrypted storage, granular access controls, and secure sharing practices during DSAR fulfillment.
• Conducting regular audits to verify redaction accuracy and compliance with GDPR and internal policies.
• Equipping employees with essential knowledge and skills to handle PII responsibly and operate redaction tools effectively.