The following steps are taken within the DSR Workbench to ensure smooth and easy DSR request fulfillment by an organization:
A branded, customer-facing web form can be set up within minutes for an organization’s users to efficiently and securely submit DSR requests.
This webform is compatible and optimized to function on multiple platforms such as computers, mobile phones, pads, etc. The organization can set it up with customizable lists, entry fields, radio buttons, and content windows to simplify an organization’s users’ request process.
With various global laws on data privacy providing different types of rights, all requiring other compliance actions, The PrivacyOps platform provides a library of ‘regulation specific DSR entry forms. These forms are formatted and customized to the jurisdiction (and the specific rights granted by that jurisdiction) from which data subjects might come. This is further enhanced with local language support, allowing the entry form to be available in multiple languages to provide maximum comfort and ease to an organization’s users.
This entry form is secured from identity fraud and malicious access with a robust and innovative identity verification process.
Organizations can also set up 3rd party ID verification services – to ensure specialized ID verifications as per industry requirements can be met.
An organization’s members can also fulfill Non-digital DSR requests. They can create DSR requests on behalf of customers through the DSR dashboard itself.
Once a DSR request is received and verified, it can be approved by the organization- making a DSR ticket within the secure privacy portal – and it shall set up a series of tasks and subtasks which can be fulfilled by the organization manually, or it may choose to have them fulfilled through AI-powered robotic automation and next-generation data intelligence.
The next step is for the platform to build personal data graphs (PDGs) or utilize existing ones.
Customers’ personal data can easily migrate or duplicate across various operations or systems in many large organizations. From CRM applications to random spreadsheets and PDFs – customer personal data used, processed, or stored in these multiple systems need to be accounted for when fulfilling DSR requests (i.e., access, deletion, and rectification requests).
Through the PrivacyOps approach, innovative data intelligence powered by AI automatically discovers and links personal data across various data systems and processes. This automated discovery and linking of customers’ personal data scattered around in an organization’s multiple systems and processes to unique customer IDs allows organizations to build comprehensive ‘People Data Graphs’ (PDGs) which record and keep track of all the various systems and processes where a particular customer’s personal data is being used, processed or stored.
PDGs provide organizations with comprehensive and foundational snapshots required to efficiently fulfill DSR requests and a myriad of other privacy functions such as breach notification management. PDGs also highlight and extract all sensitive personal data categories directly from an organization’s data stores. This functionality allows DSR access and confirmation requests to be fulfilled quickly and efficiently.
When a verified DSR request is received from a customer and PDGs are created to find the concerning personal data of the requesting data subject, AI-powered robotic automation then automatically creates tasks and subtasks for subject matter experts to complete based on the DSR request type.
An organization may choose to create these tasks or subtasks themselves or approve the ones made through robotic automation. All tasks and subtasks have owners assigned. These owners must complete their tasks to meet the DSR deadline. Each privacy law has its own deadline for DSR request fulfillment.
Thus, an organization’s DSR fulfillment process becomes a very efficient mechanism under the PrivacyOps approach because of the above. All the owners and stakeholders need to do is approve the tasks and subtasks – created through robotic automation – to see customer DSR requests get fulfilled without wasting precious human resources or risk of non-compliance within the strict deadlines provided by the laws.
Multiple system owners can be invited onto one secure platform. This platform is called the “DSR Workbench.”The workbench is used to collaborate on creating or approving tasks to fulfill DSR requests.
The DSR workbench is secure and has an integrated messaging system for collaborative working to eliminate the risk of data sprawl. The DSR workbench also organizes tasks for different system owners, utilizing internal regulatory knowledge to ensure DSR requests are approved and fulfilled quickly.
Along with customizable forms for DSR intake and a workbench to process those requests, organizations also need to ensure that the reports and responses upon DSR fulfillment are securely handed back to the verified data subjects. If a DSR fulfillment report is provided to any individual other than the data subject (or an authorized representative of the data subject), regulatory authorities would consider it a breach of personal data.
The PrivacyOps approach utilizes a secure DSR portal for data subjects. They can access this portal with credentials to: