data protection Archives - Naomi Korn Associates

By Cleo Everett, Information Services Coordinator

Now I am two months in to being an Information Services Coordinator at Naomi Korn Associates, I work every day with Data Subject Access Requests (DSARs), and am more confident in data protection than I thought I would be capable.

As a history graduate, I had never thought about Data Protection, let alone thought that I would, or could, work in a data protection and copyright company. This seems to be common, with many DPOs saying they ‘fell into the job’ rather than describing it as a vocation. The word ‘data’ itself seems daunting to anyone who hasn’t worked in this area before. I think it holds the misconceptions that it is very number heavy work, or you have had to study data protection regulations for years and have a master’s degree in law or economics or something similar. It can be a complex thing to comprehend if you are very new to it, but so is every job. When you work in hospitality, I like did, for the first time it will take you a month or so to find your feet and get used to the practices, but after a while it will become increasingly normal and manageable. The same is true for Data Protection and working with DSARs. Yes, it is daunting, but the vastness of information available is what makes it so interesting. When I have the time, I like to take advantage of the endless library of information available to me, including on the Information Commissioner’s Office (ICO) website and through our CPD accredited training courses. This means the ability to learn more about the subject is always there, and your knowledge will grow exponentially.

It has been eye opening how important DSARs are. When you work with DSARs, you are primarily working with people who are unhappy and going through a stressful period, and your job is to provide information which they are entitled to. There are several reasons why people make Data Subject Access Requests, it could be an unfair dismissal from work, they might need information from their school or university to help further a neurodivergence diagnosis, and many more reasons. On the flip side, redacting third party information from a document is working to protect another individual, potentially from harms way. If something has been said in confidence, you are working to ensure their safety. When I think of my job this way, I feel quite privileged to be able to support everyone’s right to access information held about themselves. Yes, it can be tiring reading so many documents, but without this service many people would feel completely out of control with their own lives and personal data.

The best thing that helped me learn how to handle DSARs is regularly shadowing colleagues. While ICO guidance is clear about exemptions and reasons for redacting data, it is still a fairly subjective task. Each case must be viewed within its own context, e.g.: Is it a child or a parent? Have they specified the data they would like to receive? Are there names of professionals known to them who can be kept in? Initially I struggled with these nuances, but the more DSARs I have gone through and had feedback on, the easier it is becoming. By shadowing colleagues and seeing the process so many times, it became familiar very fast. I still spend much of my time double checking with my managers that what I’m doing is correct, which feels slightly demoralising sometimes, but it helps immensely as it means for the last two months, I have been talking through my thought processes repeatedly and therefore instilling the practices in my head.

After my short time at Naomi Korn Associates, with a high volume of DSARs coming in, I have definitely developed my own practice. I’ve figured out that what works for me, especially in cases with large volume of documents. First I go through and sift out any documents which are out of scope to reduce the amount I will be working with and structure time effectively. As well as this, if you are working with large numbers of documents, take breaks! Taking a couple of five minute breaks to stretch your legs and take a breath is a necessity when you are reading so much, especially if the documents contain sensitive or upsetting information.

The main thing I wish I could tell myself in my first week of working in Data Protection is that it takes time. When you join a company as a complete newbie, you need to remind yourself that no one was born with this level of knowledge. It’s a skill that you develop overtime, just like anything else, and constantly learning and developing is what makes it interesting.

Where to Get Help

If you’d like to feel more confident handling DSARs, Naomi Korn Associates would be delighted to help!

Join our Key Data Protection Rights Course
Ideal for attendees who want practical, accessible training, this course will next run on 28 April (9:30am-1pm). Book your place now!

Or, if you’d rather outsource the whole process:

Outsourced Data Subject Access Requests (DSARs)
Our specialist team handles hundreds of DSARs every year and can support you at any stage of the process. Find out more here!