From the Subject Request section of the Ethyca Control Panel, your team can efficiently organize, process, and respond to the data subject requests that your company receives. We’ll now take a look at what a typical data subject request flow looks like using Ethyca.
On the backend of this Privacy Center, the Ethyca Control Panel empowers your business to manage data privacy effectively and automatically. From the Subject Request section of the Ethyca Control Panel, your team can efficiently organize, process, and respond to the data subject requests that your company receives. We’ll now take a look at what a typical data subject request flow looks like using Ethyca.
The expectation here, on the user’s side, is that they will be provided with all of the personal data that your company is currently processing about them. The obligation is that your company will provide this within a reasonable timeframe according to the specific data privacy law that applies in the user’s jurisdiction.
3. As soon as the user submits the details of their access request and verifies their identity through your Privacy Center, your team will receive the request in their Ethyca-powered Control Panel on the backend.
You can review all requests and their statuses in the “Subject Request” section of the Control Panel.
4. Once Ethyca has processed the user’s request, they will automatically receive an email confirming that it has been processed and providing them with a link to view and download all of the personal data that your company is currently processing. If no records of the user can be found in your databases, then the user will receive an automated email informing them that there is no data associated with the details that they have provided. They’ll also be prompted to provide alternative details if they still believe that their data is being processed by your company (for example, they may choose to enter a different email address when submitting the request).
5. After the user clicks on the download option in the email, they will be redirected to your company’s privacy centre. From here they will have access to view and download a copy of each category of personally identifiable information that your organization is processing about them.
If you have any questions about processing data subject requests or about using Ethyca’s data privacy platform, please feel free to reach out and we’d be happy to help!
A ‘data subject request’ is a request that a user can make in relation to the personal data which are being ‘processed’ about them by an organization. These requests are a fundamental part of a data subject’s rights and they are enforced by prominent data privacy law all over the world, such as General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Brazil’s Lei Geral de Proteção de Dados (LGPD). Failure to address data subject requests can result in serious fines and severely damage your company’s reputation. For these reasons, it’s crucial that every organization that processes personal data has an efficient system in place to manage them effectively.
Below is a list of the data subject rights imposed by GDPR, CCPA, and LGPD which afford the user certain entitlements that they can exercise by making a data subject request.
|• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object to processing
• The rights in relation to automated decision making and profiling
|• The right to notice
• The right to know
• The right to delete
• The right to data portability
• The right to opt-out
• The right to opt in (for minors)
• The right not to be subject to discrimination for the exercise of rights
|• The right to confirmation of the existence of the processing
• The right to access the data
• The right to correct incomplete, inaccurate or out-of-date data
• The right to anonymize, block, or delete unnecessary or excessive data or data that is not being processed in compliance with the LGPD
• The right to the portability of data to another service or product provider, by means of an express request
• The right to delete personal data processed with the consent of the data subject
• The right to information about public and private entities with which the controller has shared data
• The right to information about the possibility of denying consent and the consequences of such denial
• The right to revoke consent
Ethyca’s VP of Engineering Neville Samuell recently spoke at the University of Texas at Austin’s Texas McCombs School of Business about privacy engineering and its role in today’s digital landscape. Read a summary of the discussion by Neville himself here.
Learn more about all of the updates in the Fides 2.24 release here.
Ethyca’s Senior Software Engineer Adam Sachs goes through the thought process of creating Fideslang, the privacy engineering taxonomy that standardizes privacy compliance in software development.
Learn more about all of the updates in the Fides 2.23 release here.
Our Senior Software Engineer Dawn Pattison walks you through implementing data minimization into your business.
Learn more about all of the updates in the Fides 2.22 release here.
Our team of data privacy devotees would love to show you how Ethyca helps engineers deploy CCPA, GDPR, and LGPD privacy compliance deep into business systems. Let’s chat!Request a Demo