Data Subject Access Rights (DSAR) Portal

Full Lifecycle Automation from Request Intake to Fulfilment and Record Keeping

Relevant GDPR Articles

  -  Article 12: Exercise of the Rights of the Data Subject

  -  Article 13, 14: Right to Be Informed

  -  Article 15: Right to Access

  -  Article 16: Right to Rectification

  -  Article 17: Right to Erasure (“Right to be Forgotten”)

  -  Article 18: Right to Restriction of Processing

  -  Article 19: Notification Obligation

  -  Article 20: Right to Data Portability

  -  Article 21: Right to Object

  -  Article 22: Object to Automated Individual Decision Making

  -  Article 7(3): Right to Withdraw Consent

Data Subjects Rights Trigger the Highest Penalties and Risk of Class Actions

The General Data Protection Regulation (GDPR) outlines nine distinct rights of data subjects that must be received, fulfilled, and documented by organizations. The complexities lie in the varying types of requests, finding the data to fulfill the request, the vast and granular exception cases when the request does not need to be fulfilled, as well as the documentation, response times, extension requests, identity validation, and security requirements of how the requests are fulfilled.

A little-known fact about the GDPR is that it includes two separate tiers of fines for non-compliance: the first tier is a fine of up to 2% of global revenue (or 10M EUR), and the second tier is a fine of up to 4% of global revenue (or 20M EUR). Infringements of data subject rights trigger the highest 4% tier (Article 83(5)).

In addition to these penalties, data subjects also have the right to receive compensation for damages suffered. What’s worrisome is that these claims are not subject to the penalty cap in GDPR; they are in addition to the penalties and are to be proportionate to the harm to the data subject.

Data protection authorities are investing in public relations and communications campaigns to educate the public about these new, important rights. As a result, many organizations speculate that this may create an industry around class action lawsuits, increase the volume of requests received, and draw scrutiny on how organizations handle, fulfill, and record data subject requests.

OneTrust End to End Workflow Automation and Record Keeping Solution

End to End Workflow

To comply with the new data subject rights set forth in the GDPR, organizations should make it easy for data subjects to submit requests. OneTrust provides a standardized way for privacy programs to receive requests and manage them in a centralized system.

OneTrust provides organizations with the ability to tailor a branded web form – linked from the company’s privacy policy web page – as well as the ability to receive notification of a submitted request, validate the identity, and automatically file an extension if the one-month deadline is approaching. When the request is fulfilled, the organization must securely transmit the data to the individual, link it to the underlying data map to efficiently fulfill the request, and generate the proper documentation and evidence should a regulator inquire about the request.

Request Intake via a Fully Customizable Portal

Create a Request Intake Web Form and Portal

Build and configure web forms to capture data subject requests based on regulation-specific requirements.


Integrate the DSAR Portal Into Your Websites

The OneTrust-generated web forms can be fully tailored and integrated into your website with a single line of code.

Out-of-the-Box Multilingual Templates

The OneTrust privacy research team has developed various Data Subject Request templates with default settings, available in multiple languages. Start from one of these or build your own in the easy-to-use drag-and-drop interface.

Hosting Flexibility: EU Cloud, US Cloud, or On-Premises in Your Datacenter

Containerize and isolate your data in the residency location or data center of your choice. Migrate between cloud and on-premises at any time if your requirements change.

Automated Assignment Workflows

The process of receiving and fulfilling requests requires automating workflows for the privacy team, business users, and data subjects. OneTrust allows you to define the end-to-end subject request process from assignment to review and approval.



Validate the Requestor’s Identity

Validate the data subject’s identity through internal systems, API Integrations, customer service processes, and third-party validation services.

Assignment Routing Workflows

Assign subject requests to other privacy officers, IT teams, or business users based on the type of request, and where the data resides in the company’s applications.

Track Deadlines and Automatically File an Extension

Document and communicate the justification if more time is needed to fulfill the request, and use the OneTrust platform to automatically file the extension if the deadline is approaching.

Finding the Data and Fulfilling the Request

Link to Underlying Data Map

Search within the data inventory and map within OneTrust, or from external sources, to easily find, modify, or erase subject data.

Integrate with IT Service Management Tools

Integrate with third party service management tools like ServiceNow or BMC Remedy to identify, track, and fulfill requests sent to IT teams.

Consolidate Requested Information from Multiple Sources

Use OneTrust to consolidate requested information from multiple disjointed approaches into a singular, unified message to the data subject.

Securely Communicate Responses to Data Subjects

Secure Messaging

OneTrust’s secure messaging portal transmits a notification to a data subject via encrypted channels to protect the communications and information being provided.

Two-Factor Authentication

Enable two-factor authentication as an additional layer of verification and security for the data subject.

Read Receipts and 2-Way Collaboration

Track and notify when your responses are read, and track follow-up requests and messages linked back to the same data subject.

Compliance Reporting, Trends, and Analytics Dashboard

Report on Compliance

OneTrust helps you maintain a complete record of data subject request activities to demonstrate compliance with data protection regulations. Capture data subject contact information, details of the request, when and how the request was completed, and your response to the request.

Calculate Costs

Granularly track the raw cost of fulfilling each request to understand where further automation investments may be necessary.

View Trending Information in Visual Dashboards

Quickly view and manage data subject requests in a centralized dashboard. OneTrust provides full visibility to monitor the volume of requests, fulfillment status, and any aging requests or outliers.

Why OneTrust Data Subject Rights?

- Insightful metrics into request costs and trends for clear value and internal ROI metrics
- Deep regulatory guidance-based privacy research, reporting, and built-in templates
- Option for self-service deployment or additional support from the OneTrust implementation team
- Fully scalable solution for small and medium businesses to large multinational enterprises
- Multi-lingual product translated by OneTrust’s in-house, privacy-trained localization team
- Flexible and modular pricing structure to meet program maturity and budgetary uncertainties
- Out-of-the-box ready solution with a highly tailorable and customizable platform
- Deployment flexibility in EU cloud, US cloud, or on-premises with the ability to migrate
- Available as stand-alone module or as part of OneTrust’s comprehensive and integrated platform