OneTrust’s Enhanced Data Subject Access Rights (DSAR) Portal Automated Over 10,000 Requests in Post-GDPR Era

With OneTrust, Organisations Globally Have Scaled Their Privacy Programs to Meet the Increased Demands of Data Subjects 

OneTrust, the global leader in privacy management and marketing compliance software, today announced its data subject access rights (DSAR) tool has helped organizations handle more than 10,000 requests within two weeks of the General Data Protection Regulation (GDPR) go-live date of 25 May.

“Expanded rights for data subjects are a positive step forward in GDPR, however, can be a manual and complicated obligation for organizations to handle appropriately,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP).

Kabir added, “That’s why we built the OneTrust DSAR portal to automate and record the full lifecycle of data subject requests. Privacy and IT teams are now equipped with a highly scalable tool to automate processing those requests. Like all of our products, our DSAR solution is designed based on deep privacy research and a firm understanding of the requirements under GDPR and is deeply integrated with our data mapping, PIA/DPIA and other privacy management modules.”

Recommended Read: Convince Mozilla About Risks of AI and Drive Home with $225,000

OneTrust’s Data Subject Access Rights Tool Gives Organizations More Options to Customize and Automate Workflows

OneTrust’s Data Subject Access Rights tool is based on deep privacy research and gives an organization a scalable and secure way to handle individual rights requests from customers, employees, partners and other data subjects under the GDPR. Recent updates to OneTrust’s DSAR tool gives organizations more options to customize and automate workflows, offers built-in translations to 100+ languages and enhances reporting and metric capabilities.

Read More: Key Martech-Focused Takeaways from Mary Meeker Internet Trends 2018

The GDPR outlines nine distinct rights for data subjects, including data portability, access, erasure, and rectification. Providing this service manually can require complicated and time-consuming internal actions, from processing the request, verifying the data subject’s identity, locating the data and responding in a timely fashion.

Under the accountability principle, GDPR also requires that organizations be able to demonstrate compliance with their obligations. This means organizations may need to produce records that data subject access requests have been handled appropriately, which can be an additional laborious process if done manually.

The OneTrust DSAR portal helps companies automate data subject requests. Data subjects can submit their request through a branded web form embedded in an organization’s privacy policy. The requests are added to a queue for privacy and IT teams to complete via automatic, customizable and pre-configured processes.

If the company needs to communicate with or get additional information from the data subject, they can utilize secure, encrypted messages right from the OneTrust platform. The web form is available in 100+ languages and the data subject can select their preferred language for all communications.

OneTrust helps organizations automate DSAR requests in five steps —

Request intake

Data subjects make their request and upload a copy of their identification. Once submitted, the request is recorded into the OneTrust platform for processing.

Assignment workflows

Companies can then validate the data subject’s identity, start assignment workflows across internal teams and track deadlines. OneTrust will automatically request an extension if the one-month deadline is approaching.

Find the data

ith integrations into the OneTrust Data Mapping tool, as well as an automation API, companies can locate the subject’s data and process it based on the request. OneTrust also links with internal IT service management tools to consolidate requested information across multiple services.

Communicate responses

Throughout the process, organizations can easily communicate with the data subject through secure, encrypted communications from the OneTrust platform. Once the request has been completed and the data subject is satisfied, settings allow for attachments to be automatically deleted and the user’s access to the portal is automatically revoked after a certain time.

Metrics and reporting

From the OneTrust platform, organizations can review responses received, average turnaround time and cost metrics about all requests received.

DSAR Customized Workflows Can Automatically Create Sub-Tasks to Business and IT Owners

The process can be tailored in OneTrust to reflect the unique structure of the organization. These customized workflows can automatically create sub-tasks to business and IT owners, request the submission of necessary information and can control the access, editing and advancement of the request. For compliance purposes, OneTrust maintains a full audit trail of any changes made on a request.

 Currently, OneTrust is the global leader in privacy management and marketing compliance software. OneTrust helps organisations implement GDPR requirements, including Data Protection by Design (PbD), Data Protection Impact Assessments (PIA/DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Universal Consent and Preference Management, ePrivacy Cookie Consent, Data Subject Access Rights, Portability and Right to Be Forgotten.

Recommended ReadContextual Content and AI: The New Wingmen for Email Marketing Campaigns