GetSwift Slashes DSAR Fulfillment Time With WireWheel
GetSwift collects and processes consumers’ personal data, including address and payment information as well as buying preferences. The data management team ensures data is properly separated and secured, but they needed help automating activities to meet privacy compliance requirements and save time.
As new regulations are constantly changing how data needs to be treated, we need to stay on top of that, but it’s not our core competency. We did a robust analysis of building a system ourselves, but it just wasn’t something we could maintain.
Chief Operating Officer
Unknown Requestors Submitting DSARs
GetSwift was being inundated with Data Subject Access Requests but was unable to confidently confirm the identity of requestors. They were concerned about providing sensitive personal data to the wrong people. They also worried about providing their data taxonomy, a key part of their intellectual property, to people who might be fishing for competitive intelligence.
Time-Consuming Data Collection
The team fulfilling DSARs often had trouble matching consumer requests with relevant data in their data stores because they didn’t have sufficient information. Confirming a data request and providing comprehensive, accurate results required escalation to upper level management and took time away from strategic priorities.
GetSwift partnered with WireWheel for efficient, secure DSAR automation
Trust Center and Identity Verification Process
GetSwift’s branded Trust Center provides three paths for visitors to submit DSARs, based on the residency of the requestor – California, Europe, or Brazil. Consumers can request access or deletion of their data or opt-out of its sale.
After a request is initiated with a simple web form, multi-factor authentication requires requestors to confirm their email address and then provide a photo ID with additional identifying information. GetSwift believes the verification process demonstrates to consumers that the company takes their data privacy seriously.
The verification requirements block fraudulent requestors from continuing the DSAR process so GetSwift only needs to spend time and energy on legitimate requests. With more information in hand, they can easily match a consumer with relevant data that has been collected and processed. There is less need for forensics to match consumers and data or escalations to managers to confirm requests are completed accurately.
We now insist upon a few verification steps to ensure the person is who they say they are. These are smart, necessary steps to protect the end consumer and also to protect our company from having to deal with fraudulent claims and the liability of those claims.
Chief Operating Officer
50% drop in DSARs to fulfill by blocking fraudulent requests
90% of time to fulfill each DSAR request has been reclaimed