General Data Protection Regulation

Solutions - not problems

Much of the information available on the new GDPR discusses the problem statement. The increased accountability on business to protect personal identifiable information and to only retain and use it for the purposes it was given to you. There is an abundance of information on penalties that can be levied, the global scope of the regulation and the new obligations on data processors as well as controllers.

What is not abundantly available is actual technical solutions to some of the huge challenges that the GDPR presents for business. GDPR is not a technology problem - it is a business wide challenge - but ultimately technology will help ease the burden in a lot of cases.

Ddaas can provide actual solutions to some of the challenges. These are outlined below and the technical details of the solutions are available on request.

  • Subject Access Requests

    A Subject Access Requests (SAR) is a request to see a copy of the information you hold on record for a data subject. This may be an employee or a customer. You must respond to a SAR within 30 days. It must be complete and presented in a format that is easy to consume by the subject.

    A SAR can take a member of your team many days to prepare. Subject Access Requests threaten to tie up your entire team for months if you are not setup to deal with them at scale. The vast majority of businesses will not hit this challenge. A large scale flood of requests would only generally occur in the event of a significant publicised data breach. However, it would be wise to assess how you would respond to such a breach and how your business operations can cope with a spike in demand for SARs. Different workflows will be required for different types of SARs. For example a SAR from a disgruntled employee would require legal review as would any SAR in relation to a judicial case.

    If the "before" picture of managing a subject access request looks familiar to your organisation then please get in touch to understand how we can create the "after" picture.

    Our solution can reduce the majority of time and costs in dealing with SARs at scale. It can also deliver a self-service solution to your customers.

  • Consent for marketing communications

    In a complex business environment, customers can opt in to marketing information for different products on different channels (Web, SMS, Order Forms, Phone). How do you manage a request to erase data and a request to never contact the person again? What if your industry has other regulations to retain data for a period of time? Things can get very complex.

    Different teams within your business may run marketing or information campaigns on different schedules and a customer can end up getting multiple messages from the same company. When a customer opts out from marketing messages, it is important to opt them out from all possible sources – which may include third parties.

    GDPR also stresses that once the engagement for the service that caused the customer to provide their PII data has ended, they should be opted out of marketing correspondence and their data should be put beyond business use.

    If the "before" picture of managing marketing consent looks familiar to your organisation, get in touch to understand the "after" picture.

    Our proven solution centralises all marketing segmentation and outbound communications to any channel. Our GDPR solution then links in wiith our Business Marketing Analytics solution to measure the impact of each campaign, thus insuring your message is only hitting the right person at the right time.

  • Right to erasure

    Also known as the right to be forgotten, this gives an individual the right to request your organisation to delete all personal data and prevent processing in specific circumstances. It is generally a valid request if the data is no longer necessary for the purpose for which it was originally collected. If you organisation introduces an aggressive data retention policy then the frequency of such erasure requests should be very low.

    The diagram below conveys how complex and laborious the combined processes of erasure can be. Deleting data from a production system should never be done manually with adhoc scripts. Development will be required to build robust tools to enable this process to be carried out at scale. Get in touch with us to understand the "After" picture which is an automated, streamlined solution that integrates with all of your systems.

    Ddaas can integrate with your systems to trigger a series of requests to obfuscate or delete customer data and cenrally audit the progress and completion. Our solution will eliminate a large amount of effort and insure automated compliance with the GDPR with regards to requests for erasure.

Why we are different

We have a unique Platform and People offering that provides you a bespoke solution with our team time dedicated to you every month. This relieves your internal team of tasks they would prefer not to do and augments your team with our experts for continuity and support.

An extension of your team

We operate as an extension of your team. We bring the technology and expertise required to strenghten and evolve your compliance function, to protect your customers and your business.


Ddaas provide end-to-end support from conception to integration and beyond, ensuring your data is always available when you need it


We're ready to discuss how we can help you put your data to work