Case Study

GetSwift Slashes DSAR Fulfillment Time With WireWheel

Companies across six continents and 75 industries use GetSwift’s SaaS platform to help deliver goods directly to consumers. GetSwift has grown rapidly, particularly as the Covid-19 pandemic has accelerated the need for retailers, restaurants, grocery stores and other businesses to optimize delivery within local areas. The GetSwift platform helps companies dispatch deliveries, track drivers, alert consumers, record payments, and ensure deliveries are completed. It also enables evolving delivery models such as contactless delivery and virtual drive-throughs.

GetSwift collects and processes consumers’ personal data, including address and payment information as well as buying preferences. The data management team ensures data is properly separated and secured, but they needed help automating activities to meet privacy compliance requirements and save time.

As new regulations are constantly changing how data needs to be treated, we need to stay on top of that, but it’s not our core competency. We did a robust analysis of building a system ourselves, but it just wasn’t something we could maintain.
Rob Bardunias
Chief Operating Officer

Challenges

Unknown Requestors Submitting DSARs

GetSwift was being inundated with Data Subject Access Requests but was unable to confidently confirm the identity of requestors. They were concerned about providing sensitive personal data to the wrong people. They also worried about providing their data taxonomy, a key part of their intellectual property, to people who might be fishing for competitive intelligence.

Time-Consuming Data Collection

The team fulfilling DSARs often had trouble matching consumer requests with relevant data in their data stores because they didn’t have sufficient information. Confirming a data request and providing comprehensive, accurate results required escalation to upper level management and took time away from strategic priorities.

Solutions

GetSwift partnered with WireWheel for efficient, secure DSAR automation
After evaluating eight privacy technology vendors, GetSwift selected WireWheel because the team understood their goals and was able to be agile and move quickly. “We expect the partners that we work with to work as smart, quickly, and diligently as we do,” shared Rob Bardunias, Chief Operating Officer of GetSwift. “That’s what happened with WireWheel and it was really good to see.”

Trust Center and Identity Verification Process

GetSwift’s branded Trust Center provides three paths for visitors to submit DSARs, based on the residency of the requestor – California, Europe, or Brazil. Consumers can request access or deletion of their data or opt-out of its sale.

After a request is initiated with a simple web form, multi-factor authentication requires requestors to confirm their email address and then provide a photo ID with additional identifying information. GetSwift believes the verification process demonstrates to consumers that the company takes their data privacy seriously.

The verification requirements block fraudulent requestors from continuing the DSAR process so GetSwift only needs to spend time and energy on legitimate requests. With more information in hand, they can easily match a consumer with relevant data that has been collected and processed. There is less need for forensics to match consumers and data or escalations to managers to confirm requests are completed accurately.

We now insist upon a few verification steps to ensure the person is who they say they are. These are smart, necessary steps to protect the end consumer and also to protect our company from having to deal with fraudulent claims and the liability of those claims.
Rob Bardunias
Chief Operating Officer

Results

GetSwift now has peace of mind that information is going to the right people. A process that previously required a day to match customer requests with relevant data and provide information to the consumer now takes a fraction of that time.

50% drop in DSARs to fulfill by blocking fraudulent requests

90% of time to fulfill each DSAR request has been reclaimed

Solutions for any stage of your privacy journey

     Contact Us

(202) 850-0842

Submit a Question

Access Our Developer Portal