)
)
)
Create custom GDPR request forms
Tailor your request forms to match your specific needs.
Adapt them to your brand identity, include key legal disclosures, and choose the data fields relevant to each request.
Every form complies with the French Data Protection Act, ensuring that all rights requests meet CNIL requirements.
)
)
Never miss a GDPR deadline
Set up automated reminders for each incoming request.
Whether it’s a request for access, data portability, or the right to be forgotten, make sure you meet GDPR response deadlines.
With our built-in extension management feature, you reduce the risk of non-compliance while ensuring timely responses to data subjects.
)
)
)
)
Features designed for DPOs
Our platform includes powerful tools built to simplify the management of data subject rights.
Key features include:
Forwarding requests to the appropriate contact
Precise deadline tracking in line with CNIL guidelines
Customizable workflows to match your internal processes
Seamless DPO integration
… and much more!
All these features are designed to deliver strong, seamless GDPR compliance while making your day-to-day tasks easier.
)
)
Learn more
A data subject rights request is a submission made by an individual wishing to exercise one of their rights regarding their personal data. These rights include, among others, the right of access, the right to rectification, the right to data portability, the right to erasure, and other rights granted under the GDPR.
In essence, it allows individuals to maintain control over the personal data an organization holds about them.
Responding to a data subject rights request involves several key steps in accordance with the GDPR:
Identity verification: First and foremost, it is essential to verify the identity of the individual making the request to ensure they are indeed the data subject.
Request assessment: Once the identity is confirmed, assess the nature of the request: is it a request for access, rectification, erasure, or another right?
Processing: Act on the request accordingly. For example, for an access request, provide a copy of the personal data held. For a rectification request, update the information as requested.
Documentation: It is crucial to document each request and how it was handled to demonstrate compliance, especially in the event of an audit.
Communication: Notify the data subject of the outcome of their request — whether it has been accepted, modified, or denied — and provide clear explanations.
Any individual whose personal data is processed by an organization has the right to exercise their rights under the GDPR.
This includes customers, employees, suppliers, or any other individual whose data is held and processed by the organization.
Legal representatives may also exercise these rights on behalf of individuals who are unable to do so themselves, such as minors or persons under guardianship.
According to the GDPR, an organization must respond to a data subject rights request within one month of receiving it.
However, this period may be extended by an additional two months if the request is particularly complex or if the organization has received a high volume of requests.
In such cases, it is essential to inform the data subject of the extension within the initial one-month period, providing the reasons for the delay.
Explore more powerful features
)
)
)
)
