The General Data Protection Regulation (GDPR) gives individuals the right to request a copy of any of their personal data which is being ‘processed’.
Any person be they employee, customer, supplier or even member of the general public has a right to a copy of any personal data you are holding or processing in your organisation. They will request this as part of a DSAR (Data Subject Access Request). You must then respond with the data in a reasonable time frame.
What documents would you need to redact?
It could be letters, emails, forms, images, footage, records, files and more. In all cases if you are supplying this information to them and there is third party data on the same document then it must be redacted.
Here are some examples:
- An email was sent internally, part of the email mentioned an IT contractor that completed some work for the company. The paragraph relating to him mentioned his home address and contact details. In the same email there was mention of an employee who was out on sick leave and a new employee due to start shortly. When the IT contractor requests this information, all the other detail not pertaining to him that includes sensitive information about the third parties must be redacted.
- A customer is included in a list of email addresses for a marketing campaign. They have given consent but want to see what lists they are included on. When this list is supplied, all details of the other people on the list needs to be redacted.
- Two members of staff are looking for compensation over a workplace accident. They separately ask for documents to support their court case. Each will receive a copy of all relevant documents and records but with the other parties’ details redacted.
Redaction involves obscuring or removing sensitive information from the original document. This will be done to comply with data protection legislation. To ensure all confidential information is removed permanently on these copies it is best to rely on a professional service that uses the latest technology. Datascan Redaction Services use AI technology to identify and remove personal data to help keep clients compliant. To find out more please contact our expert team.