Image by: triloks, ©2018 Getty Images

May 25, 2018 will be here sooner than you think. Even if you're located in the US, the General Data Protection Regulation (GDPR) may impact you if you have customers in Europe. Yet, many organizations are taking a “wait and see” approach concerning a major change in the GDPR.

In the European Union (EU), all consumers have the right to request any and all private data that a firm might hold about them. They can also dispute it, request changes, and even require it to be deleted. This is called a Subject Access Request (SAR). Enterprises have less than 30 days to respond to a SAR, which means they must be able to locate and share all data about that particular consumer—no small feat. When this Guardian journalist requested her data under the 2016 version of the law, she received a 800-page data dump. If your company is called on to answer a SAR request, you will need to handle it quickly and accurately. To get prepared, let’s break down this process in four steps.

1. Provide Customers With a Way to Submit a SAR

You will need to design and deliver an omni-channel form that will trigger the process of responding to the customer’s request.

2. Procure the Data

The customer’s data probably resides in several systems. Do you have personal client data in the transaction system? You have to supply it. Do you have a separate customer relationship management (CRM) system with client information? You have to supply that as well. Do you make acquisitions that have client data in multiple core systems? You also have to supply this. Have you augmented data with third-party demographic or psychographic data? You must supply that too.

3. Deliver a Report

The customer can request a digital or printed response from the company. In order to deliver reports to multiple channels, your customer communications management (CCM) system needs to be integrated with the data systems that might hold any private data.

4. Accept Changes and Challenges

If a client wants to delete, dispute, or discuss any of the findings, your company is required to meet this obligation, which also means managing inbound communications across a variety of channels (print, IVR, live support, web, mobile, etc.). After the consumer requests a change, you will need to produce a new report reflecting these changes.

If SARs are handled manually, there is danger of personal data handling mistakes, errors of omission, and simple processing blunders that can lead to shockingly large fines. You can’t forecast how many SARs an enterprise will receive or how much they will cost to fulfill individually, but automating the procedure by combining your CCM systems, web portals, and CRM systems to deliver rapid compliance can put you ahead of the curve while delivering the best experience possible.

Scott Draeger is Vice President of Product Management at Quadient. He joined the digital document industry in 1997, after graduating from UNLV. He started as a document designer using a collection of hardware and software technologies, before moving to the software side of the industry. His broad experience includes helping clients improve customer communications in over 20 countries. For more information, visit or follow him on Twitter @scottdraeger.