Data Subject Requests form the core of the workflows at Kertos for GDPR. In this chapter, we have a closer look at how to create, monitor and manage those requests. We want to dive deeper into the basic concept and show which functionalities you can use when working on your Data Subject Requests.
What are Data Subject Requests?
Data Subject requests are based on GDPR Articles 15-19. Based on this, the data subject (e.g. employee, customer etc.) has the right…
…of data access - the right that all personal data stored is made accessible to him/ her
…to rectification - the right that all personal data stored are rectified
…to erasure - the right that all personal data stored is deleted (within 30 days)
…to be notified - the right to be notified when the request has been fulfilled
This is the foundation for the DSR feature in Kertos. You can create and manage all requests (access, deletion, rectification, restriction, and unsubscription) from data subjects within Kertos.
Requests Page Overview
Under the "Requests" tab, you will find an overview of all your Data Subject Requests. Here you can track, search, filter, edit or add a new request. By clicking on one of the requests, you can enter the request’s detail view, to get more details about individual Data Subject Requests and their associated tasks.
Requests Detail View
Data Subject
Here you will find all relevant information about the Data Subject such as contact details followed by some information about the Data Subject Request.
You can also create and assign a tag in order to further differentiate DSRs.
Status
This is set to “todo” once the request is created and can be manually changed. There are 4 main status a request goes through:
Todo: request still needs attention and all associated tasks are in “to do”
In Progress: request is ongoing and tasks are open/in to do
Ready to Send: ready to send information to the data subject that the request has been executed
Done: the request is automatically set to done once the e-mail to the data subject has been sent
Request Details
This shows details such as assignee, the date it was created, the due date (which is set to 30 days per default but can be altered).
Processed Data Sources
This section shows an overview of Data Sources for which the DSR must be executed. Only when every Data Source has been processed the status of the DSR will be automatically set to “Ready to Send”.
The task of completing the request for a specific Data Source can be assigned to a member of your organization. For more information on how to process Data Sources in the context of a DSR, see this article.
Attachments & Comments
Last but not least, you can add attachments and comments that can be read, accessed by other admins of the platform.