Skip to content
Submiting requests

Submitting privacy requests

Data subjects have several rights when it comes to the protection and processing of their personal data. These rights may vary depending on the specific data protection regulations applicable in a given jurisdiction, such as the European Union's General Data Protection Regulation (GDPR). But, here are some commonly recognized rights:

  • Right to Access: The user has the right to access the personal data that was collected and processed about them, and understand what purposes it was used for.
  • Right to Erasure: The user has the right to have all personal data deleted across the entire organization.
  • Right to Rectification: The user has the right to correct personal information that the user believes to be incorrect about them.
  • Right to Portability: The user has the right to obtain a machine-readable copy of their personal data such that it might be imported to another system.

To exercise these rights, data subjects typically submit a privacy request.

Privacy requests, sometimes referred to as a Data Subject Request (DSR or DSAR), are the rights afforded to a user whose data is processed by an organization.

The Privacy Center

Fides provides the Privacy Center for your subjects to submit privacy requests. The Privacy Center works out-of-the-box but, to learn how to customize the Privacy Center, please read our guide for configuring the Privacy Center.

Typically, the privacy center is accessed by clicking a link in the footer of your site or in your privacy policy.

Note: you should provide at least two methods for a user to submit a privacy request, typically this is via the privacy center and by email.

Example of privacy link in footer

Here's an example showing the sample privacy center for the "Cookie House" demo project:

Standard Privacy Center

To submit a privacy request, the data subject must identify themselves using either their email address or phone number, depending on the Privacy Center configuration:

Submitting a Privacy Request

If Subject Identity Verification is enabled, the data subject will receive an authentication code that they can use to confirm their identity.

Below is an example of the email received for the "Cookie House" sample project:

Submitting a Privacy Request

The subject provides the code when prompted on the privacy center to verify their identity:

Submitting a Privacy Request

And, when confirmed, the privacy request is submitted for review and processing.

Next up: Receiving privacy requests!