Handling Data Subject Requests (DSRs) can be a complex process, but it’s essential for compliance with global privacy regulations like GDPR. DSRs encompass a range of requests, including Data Subject Access Requests (DSAR), rectification, erasure, restriction of processing, data portability, and objections to processing.
To simplify this process, we’ve created the Data Subject Rights Management Tool. Our tool is designed to streamline the entire DSR process, automate workflows, and reduce manual effort, making compliance easier for you and your organization.
Understanding DSR
In a nutshell, Data Subject Requests (DSRs) provide individuals with the ability to exercise their privacy rights. This is because the GDPR and other privacy regulations grant data subjects individual rights, such as:
Right to be Informed: You must inform users about the collection and use of their data.
Right of Access: Users have the right to access their personal data and information about its processing. This is also called Data Subject Access Request (DSAR).
Right to Rectification: Users can request correction of inaccurate or incomplete data.
Right to Erasure: Users can request deletion of their data when it is no longer needed or if they withdraw consent.
Right to Restrict Processing: Users can limit how their data is processed in certain circumstances.
Right to Data Portability: Users can obtain and reuse their personal data for their own purposes across different services.
Right to Object: Users can object to certain types of data processing, such as direct marketing.
Rights Related to Automated Decision-Making and Profiling: Users can opt out of decisions made solely by automated processes.
While DSRs are commonly used for GDPR-related requests, they also apply to other privacy laws, such as those in the US. Currently, our tool supports GDPR requests, but we will extend support to other legal requirements in upcoming updates.
For more detailed information, check out our comprehensive guides:
Our Data Subject Rights Management Tool is specifically designed to help businesses manage data subject requests efficiently and effectively. It simplifies the process of handling requests, ensuring that your organization remains compliant with privacy laws. Additionally, it simplifies things for data subjects by offering a clear and straightforward way to submit requests. Instead of sending emails, data subjects can simply click on the footer link and fill out a form.
Key features include:
Quick setup: Easily activate the Data Subject Rights Management Tool from your dashboard and embed the request form where needed.
Automated workflows: Guided process from submission to completion, ensuring no steps are missed.
Full coverage: Our tool helps support a range of DSRs including requests for access, rectification, erasure, and portability of personal data.
Detailed requests: Access comprehensive details of each request.
Secure user access: Control who can view and manage data subject rights data.
Transparent record-keeping: Maintain detailed logs of all actions for legal and ethical compliance.
⚠️ iubenda’s Data Subject Rights Management Tool is included in the Ultimate Plan and can be activated with one click. No configuration needed.
1. Activate the Data Subject Rights Management Tool
From your iubenda Dashboard, simply click on “Activate”
⚠️ Once you’ve activated the Data Subject Rights Management Tool, be sure to click on the “Embed” button within the DSR tile to proceed with the form embedding. If you don’t do so, you won’t be able to receive any data subject requests. See below how to embed your Data Subject Rights Management Tool ⬇️
2. Embedding the Tool
💡 Remember, having a clearly visible form allows data subjects to easily submit their requests.
After activation, click on “Embed” to integrate the request form.
Next, in this section, you’ll find all the options to embed the form:
Direct Link: Use a direct link if you wish to send your users to your form directly. Copy it, and then paste it strategically on your website, intranet, or wherever else you need it.
Add a Widget to the Footer: Use the provided code to embed the form directly on your site. You can choose to have the button in white, black, or remove the styling altogether. Just copy and paste it in the body of your website, wherever you wish to display the button. When users click this button, the form will open in a modal.
Embed the Form in the Body: Embedding the form directly into the body of your webpage integrates it as if it were part of your website. For this, copy the JavaScript snippet and paste it into the HTML of the specific page you’ve designated for this purpose.
Where do I put the DSR form link?
That depends entirely on you. But the rule of thumb is your site’s footer. It’s a good way for it to be seen from every page.
3. Request Submission
Data subjects can exercise their privacy rights using iubenda’s Data Subject Rights Management Tool by following these steps:
Fill out the request form with their full name, email address, and, if applicable, the details of the person they are representing.
Select their country and the type of request (such as access, correction, erasure, data portability, processing restriction, objection, or issues related to automated decisions). 👉 Learn More About the GDPR Rights
Clearly detail their request in the provided field.
Click “Submit Request”.
After data subjects submit their request, they will see a message that says, “Your request has been successfully submitted.” This means you have received their request and will start processing it.
If they need to submit another request, they can click the “Send another request” button.
3.1 Appointing a Data Subject Request Manager
❗️ Direct Appointment Through Our Tool
Appoint a Data Subject Request Manager efficiently and seamlessly within our tool, making the process smoother and more integrated. This eliminates the need for a separate appointing form.
Dashboard Access Message
When someone without the necessary permissions tries to access the DSR Management Dashboard, they’ll see this message:
You don’t have the necessary permissions to access this tool.
DSR Management Dashboard access is limited to Data Subject Request Managers only. If you require access to this dashboard, please contact the account admin to request a Data Subject Request Manager role. For admins, role management can be handled via the ‘Teams’ section located in the ‘Account & Billing Info’ page.
Steps for Admins
Go to ‘Teams’: This is found in the ‘Account & Billing Info‘ page in the top right drop-down menu.
Assign the Role: Click on “+ Add user” and then choose the appropriate team member to be the Data Request Manager by entering their email address.
Send Invitation: The chosen member will receive an email to accept this role.
Role Acceptance: Once accepted, they can access the DSR Management Dashboard.
4. Data Subject Request Dashboard
When a data subject submits a DSR, you will receive an email notification, and even a series of reminders if the status has not been updated, in order to comply with the legally required timeframe for response. The request will appear in your Dashboard, showing the submission date and request details (Creation Date, Type, Subject, Status and a Detail Icon).
From this “Request details” panel, you have the capability to assign different statuses, add notes, and see the full history for each request, helping you track the different phases of request processing.
The status of each DSR is clearly marked, making it easier to track where each request stands in the process, to monitor progress and ensure timely responses.
Step-by-Step Status Confirmation
Review Before Proceeding: A Data Subject Request Manager must review and confirm the current status before moving to the next. This ensures that each phase of the request is properly handled.
Confirmation Required: It’s not possible to skip ahead without confirming the current status. This adds an extra layer of diligence to the process.
Option to Leave Notes
Add Context: Data Subject Request Manager can now leave notes for each status. This is great for adding details or context, making the request handling more transparent and informative.
Easy Tracking: These notes help keep a clear record of thoughts, actions, and decisions made at each stage.
Detailed Log for Every Request
Chronological Order: At the bottom of the details modal of each request, you’ll find a detailed log. This log lists all the status changes in chronological order.
Full History: This feature provides a complete history of each request’s journey through the process, making it easier to review and understand the actions taken.
These updates to status management and the addition of a detailed log improve the overall process of managing DSRs. They provide clarity, ensure accountability, and make it easier to maintain a thorough record of each request’s handling.
Consider that each status in the data subject request process represents a specific stage. Here’s what they mean and how to manage them:
Received: This request has been received. Please proceed to the next step as soon as possible. Remember, you must provide feedback to the sender within one month of receiving the request.
Processing: It is time to process the request. During this phase, you may request additional information from the requester to verify their identity or to fulfill the request. Remember, you must provide feedback without undue delay and in any case within one month of receipt of the request. If you need more time to fully process the request or decide not to act on it, you must inform the sender of the reasons within the same time frame.
Feedback Provided: You have processed the request, and it is now time to reply and provide information on the action taken. Remember, you must provide feedback without undue delay and in any case within one month of receipt of the request.
Completed: You have performed all the necessary activities and this request can be considered fulfilled. Evaluate whether further activity is needed for the follow-up or for internal purposes, before moving on to deletion.
Information Deleted: Now that you have fulfilled the request you can decide to delete the information provided through the form. Please note that this is a permanent action, consider carefully whether you want to proceed with the deletion since there might be valid legal reason to retain them.
💡 With iubenda’s Data Subject Rights Management Tool, managing data subject requests has never been easier. Stay compliant, save time, and reduce manual effort with our automated, user-friendly solution.
Don’t let the complexity of DSR compliance overwhelm you
Activate our DSR Management Tool today and streamline your data subject request processes with ease