Skip to content
Privacy Requests

Overview: Privacy requests

In this guide, we'll walk through what a privacy request is and how to get started receiving, managing and processing incoming privacy requests.

What are privacy requests?

Privacy requests, also known as Data Subject Requests (DSRs or DSARs), are requests from data subjects to access, modify, or delete any personal data that an organization may hold about them.

In privacy parlance, a data subject is the owner of the personal data that has been collected by your organization. Data subjects are often your customers or website consumers.

The workflow

Here is the flow for a typical privacy request:

The privacy request workflow

At the end of this guide, you should feel empowered to:

  1. Configure the privacy center so that verified data subjects can submit requests
  2. Review and automate privacy request processing
  3. Configure the integrations and policies that power privacy requests

Submitting & receiving requests

Data subjects have several rights when it comes to the protection and processing of their personal data including the right to file access and erasure requests. To learn how your consumers submit these requests, please see our guide for Submitting privacy requests.

And, businesses are required by law, in many regions, to provide an interface to their data subjects so that they can exercise their privacy rights by submitting privacy requests. To learn more about how to configure the Privacy Center to receive privacy requests, please see our guide for Receiving privacy requests.

Reviewing privacy requests

Once a privacy request has been received, your team will need to review the privacy request and make a determination for how to process it. To learn more about what choices are available and how to use our Privacy Request interface, please see our guide for Managing privacy requests.

Processing privacy requests

In order to ensure that the legal obligation has been fulfilled, a privacy request must be submitted to all databases or third party SaaS applications that process personal data. To learn how to configure Fides to submit these requests to your data stores, please see our guide for Processing privacy requests.

Communicating request status

While handling privacy requests, you'll often need to update consumers on the processing status of their request. For example, you might need to communicate that a request has been received or that there was an error. In order to tailor these messages for your brand and consumers, please see our guide for configuring privacy request emails.