Case Study

GetSwift Slashes DSAR Fulfillment Time With WireWheel

Companies across six continents and 75 industries use GetSwift’s SaaS platform to help deliver goods directly to consumers. GetSwift has grown rapidly, particularly as the Covid-19 pandemic has accelerated the need for retailers, restaurants, grocery stores and other businesses to optimize delivery within local areas. The GetSwift platform helps companies dispatch deliveries, track drivers, alert consumers, record payments, and ensure deliveries are completed. It also enables evolving delivery models such as contactless delivery and virtual drive-throughs.

GetSwift collects and processes consumers’ personal data, including address and payment information as well as buying preferences. The data management team ensures data is properly separated and secured, but they needed help automating activities to meet privacy compliance requirements and save time.

Download Case Study

Challenges

Unknown Requestors Submitting DSARs

GetSwift was being inundated with Data Subject Access Requests but was unable to confidently confirm the identity of requestors. They were concerned about providing sensitive personal data to the wrong people. They also worried about providing their data taxonomy, a key part of their intellectual property, to people who might be fishing for competitive intelligence.

Time-Consuming Data Collection

The team fulfilling DSARs often had trouble matching consumer requests with relevant data in their data stores because they didn’t have sufficient information. Confirming a data request and providing comprehensive, accurate results required escalation to upper level management and took time away from strategic priorities.

Solutions

GetSwift partnered with WireWheel for efficient, secure DSAR automation

After evaluating eight privacy technology vendors, GetSwift selected WireWheel because the team understood their goals and was able to be agile and move quickly. “We expect the partners that we work with to work as smart, quickly, and diligently as we do,” shared Rob Bardunias, Chief Operating Officer of GetSwift. “That’s what happened with WireWheel and it was really good to see.”

Trust Center and Identity Verification Process

GetSwift’s branded Trust Center provides three paths for visitors to submit DSARs, based on the residency of the requestor – California, Europe, or Brazil. Consumers can request access or deletion of their data or opt-out of its sale.

After a request is initiated with a simple web form, multi-factor authentication requires requestors to confirm their email address and then provide a photo ID with additional identifying information. GetSwift believes the verification process demonstrates to consumers that the company takes their data privacy seriously.

The verification requirements block fraudulent requestors from continuing the DSAR process so GetSwift only needs to spend time and energy on legitimate requests. With more information in hand, they can easily match a consumer with relevant data that has been collected and processed. There is less need for forensics to match consumers and data or escalations to managers to confirm requests are completed accurately.

Results

GetSwift now has peace of mind that information is going to the right people. A process that previously required a day to match customer requests with relevant data and provide information to the consumer now takes a fraction of that time.

  • 50% drop in DSARs to fulfill by blocking fraudulent requests
  • 90% of time to fulfill each DSAR request has been reclaimed

Download PDF