SlideShare a Scribd company logo

How to Manage GDPR Access Requests. GDPR DSAR SAR DSR Framework from Feroot

I
Ivan Tsarynny

The document discusses the requirements organizations must meet to comply with the General Data Protection Regulation (GDPR) and ensure they respect customer privacy and fulfill individuals' data subject rights, including how to assess an organization's compliance posture, enable rights like access, rectification, erasure and data portability, and establish processes to fulfill GDPR requirements.

Technology
1 of 11
Download to read offline
[GDPR is Here. Privacy Matters More than Ever 75% will not buy a product from a company, no matter how great the products are, if they don’t trust the company to protect their data… " 2018 IBM, Harris Poll
Now your company apps, SaaS and AI systems have Bob’s data. And, you have new obligations under Article 7, 12 to 23. • Can Bob withdraw consent as easily as he gave it? • How can he request data erasure (‘be forgotten’)? • Can people request restriction of processing? • How can they request rectification? • How can they request data export? • How can you say NO to SAR and Defend it? More… [Great News! Bob is Your Customer
[GDPR DSR – Data Subject Rights Framework
[Requires a Comprehensive Approach
[Establish Processes for Fulfilling GDPR Art. 12 to 23
Respect Customers An Intuitive self-serve privacy preferences Customer Experience Drafted by Lawyers Bob Smith Bob33@gmail.com M WC2N 5DU [
Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 1. Are you processing personal data of EU data subjects where the processing activities are related to monitoring of their behavior or offering of goods or services to residents of European Union directly by your company or on behalf of your customers? (As defined by GDPR Article 3) 2. How do you demonstrate compliance with the Article 5 Principles of Processing Personal Data: • data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; • processed lawfully, fairly and in a transparent manner; adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’); • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. 3. How do you demonstrate proof that data subject has consented to processing of his or her personal data? 4. How can data subject withdraw his or her consent at any time as easily as they gave their consent?
Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 5. How do you facilitate the exercise of data subject rights under Articles 15 to 22? 6. How do you demonstrate that Data subject rights don’t diminish regardless how many parties are involved in data processing? 7. How do you demonstrate a proof that, at the time when personal data are obtained, data subjects where provided with all of the following information as per Article 13, including: • the right to withdraw consent at any time • the identity and the contact details of the controller and, where applicable, of the controller’s representative; • the contact details of the data protection officer, where applicable; • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; • where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party; • the recipients or categories of recipients of the personal data, if any; • where applicable, the fact that the controller intends to transfer personal data to a third country or international organizations.
Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 8. How do you provide data subject or the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information as per Article 15: • the purposes of the processing; • the categories of personal data concerned; • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; • the right to lodge a complaint with a supervisory authority; • where the personal data are not collected from the data subject, any available information as to their source; • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 9. How do you enable data subjects to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds in Article 17 Paragraph 1 applies? 10. How do you enable data subjects to obtain from the controller restriction of processing where one of the grounds in Article 18 Paragraph 1 applies? 11. How do you communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed as mandated by Article 19? 12. How do you provide personal data to the data subject concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and facilitate the right to transmit data to another controller without hindrance from the controller to which the personal data have been provided as outline in Article 20?
Privacy Compliance Matters More Than Ever[ • Grow Customer Loyalty and Trust • Reduce Privacy Compliance Costs • Mitigate Penalties

Recommended

GDPR
GDPRGDPR
GDPR
Sebastian Dramburg
 
GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?
Sage HR
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
Consent Management Platform
Consent Management PlatformConsent Management Platform
Consent Management Platform
Martyn Ripley
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18
Jon Rathbone
 
Paul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore ToolPaul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore Tool
Sagittarius
 
Tackling GDPR in Sitecore Versions 8 & 9
Tackling GDPR in Sitecore Versions 8 & 9Tackling GDPR in Sitecore Versions 8 & 9
Tackling GDPR in Sitecore Versions 8 & 9
Sagittarius
 

Recommended

GDPR
GDPRGDPR
GDPR
Sebastian Dramburg
 
GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?
Sage HR
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
Consent Management Platform
Consent Management PlatformConsent Management Platform
Consent Management Platform
Martyn Ripley
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18
Jon Rathbone
 
Paul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore ToolPaul Stephen - GDPR The Opportunity & Sitecore Tool
Paul Stephen - GDPR The Opportunity & Sitecore Tool
Sagittarius
 
Tackling GDPR in Sitecore Versions 8 & 9
Tackling GDPR in Sitecore Versions 8 & 9Tackling GDPR in Sitecore Versions 8 & 9
Tackling GDPR in Sitecore Versions 8 & 9
Sagittarius
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.
Liviu Claudiu Cismaru
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information System
Quotient Consulting
 
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
Srijan Technologies
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
MSC Malaysia Cybercentre @ Bangsar South City
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
legalPadmin
 
Data Quality-Driven GDPR: Compliance with Confidence (EMEA)
Data Quality-Driven GDPR: Compliance with Confidence (EMEA)Data Quality-Driven GDPR: Compliance with Confidence (EMEA)
Data Quality-Driven GDPR: Compliance with Confidence (EMEA)
Precisely
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
khenghoe
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant?
GreenRope
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Iain Wicks MCIPR
 
Flash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPRFlash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPR
Precisely
 
PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)
Hairul Hafiz Hasbullah
 
Revision of Legal issues for Unit 11.pptx
Revision of Legal issues for Unit 11.pptxRevision of Legal issues for Unit 11.pptx
Revision of Legal issues for Unit 11.pptx
Breach_P
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
grahamwell
 
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) DashboardGDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
Corporater
 
General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018
Fraser Hay
 
Intercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitIntercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkit
joshquarrie
 
Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711
Quotient Consulting
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
Webkul Software Pvt. Ltd.
 
Webinar | GDPR: How Can Content Services Help You Comply?
Webinar | GDPR: How Can Content Services Help You Comply?Webinar | GDPR: How Can Content Services Help You Comply?
Webinar | GDPR: How Can Content Services Help You Comply?
Nuxeo
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
DipanjanDey12
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
The Pathway Group
 

More Related Content

What's hot

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
Srijan Technologies
 
Intercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitIntercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkit
joshquarrie
 
Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711
Quotient Consulting
 
Webinar | GDPR: How Can Content Services Help You Comply?
Webinar | GDPR: How Can Content Services Help You Comply?Webinar | GDPR: How Can Content Services Help You Comply?
Webinar | GDPR: How Can Content Services Help You Comply?
Nuxeo
 

What's hot (20)

GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Data Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information SystemData Protection & Privacy in Malaysian Total Hospital Information System
Data Protection & Privacy in Malaysian Total Hospital Information System
 
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
[Srijan Wednesday Webinars] Is Your Business Ready for GDPR
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
 
Data Quality-Driven GDPR: Compliance with Confidence (EMEA)
Data Quality-Driven GDPR: Compliance with Confidence (EMEA)Data Quality-Driven GDPR: Compliance with Confidence (EMEA)
Data Quality-Driven GDPR: Compliance with Confidence (EMEA)
 
Personal Data Protection in Malaysia
Personal Data Protection in MalaysiaPersonal Data Protection in Malaysia
Personal Data Protection in Malaysia
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant?
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
Flash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPRFlash Friday: Data Quality & GDPR
Flash Friday: Data Quality & GDPR
 
PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)PDPA 2010 at office (HairulHafiz)
PDPA 2010 at office (HairulHafiz)
 
Revision of Legal issues for Unit 11.pptx
Revision of Legal issues for Unit 11.pptxRevision of Legal issues for Unit 11.pptx
Revision of Legal issues for Unit 11.pptx
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) DashboardGDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
GDPR Compliance Software | General Data Protection Regulation (GDPR) Dashboard
 
General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018
 
Intercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitIntercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkit
 
Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711Half day public-seminar_on_pdpa_2010_-_250711
Half day public-seminar_on_pdpa_2010_-_250711
 
Things to know about GDPR in 2018
Things to know about GDPR in 2018Things to know about GDPR in 2018
Things to know about GDPR in 2018
 
Webinar | GDPR: How Can Content Services Help You Comply?
Webinar | GDPR: How Can Content Services Help You Comply?Webinar | GDPR: How Can Content Services Help You Comply?
Webinar | GDPR: How Can Content Services Help You Comply?
 

Similar to How to Manage GDPR Access Requests. GDPR DSAR SAR DSR Framework from Feroot

An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
Lionel Briand
 

Similar to How to Manage GDPR Access Requests. GDPR DSAR SAR DSR Framework from Feroot (20)

Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway Group
 
Reddico GDPR Presentation
Reddico GDPR PresentationReddico GDPR Presentation
Reddico GDPR Presentation
 
Data Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectData Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data Subject
 
Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
 
My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPR
 
GDPR: Protecting Your Data
GDPR: Protecting Your DataGDPR: Protecting Your Data
GDPR: Protecting Your Data
 
EFA Skillshare - Jitty van Doodewaerd
EFA Skillshare - Jitty van DoodewaerdEFA Skillshare - Jitty van Doodewaerd
EFA Skillshare - Jitty van Doodewaerd
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burden
 
An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
An AI-assisted Approach for Checking the Completeness of Privacy Policies Aga...
 
Star II sme hotline 21.01.20
Star II sme hotline 21.01.20Star II sme hotline 21.01.20
Star II sme hotline 21.01.20
 
The Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanThe Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth Boardman
 
Feedback on Personal Data Protection Bill 2019
Feedback on Personal Data Protection Bill 2019Feedback on Personal Data Protection Bill 2019
Feedback on Personal Data Protection Bill 2019
 
GDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to KnowGDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to Know
 
GDPR Summary
GDPR SummaryGDPR Summary
GDPR Summary
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdf
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
How to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive AdvantageHow to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive Advantage
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulation
 

Recently uploaded

API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
WSO2
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
VictorSzoltysek
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Recently uploaded (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
Quantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation ComputingQuantum Leap in Next-Generation Computing
Quantum Leap in Next-Generation Computing
 
JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Decarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational PerformanceDecarbonising Commercial Real Estate: The Role of Operational Performance
Decarbonising Commercial Real Estate: The Role of Operational Performance
 
Modernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using BallerinaModernizing Legacy Systems Using Ballerina
Modernizing Legacy Systems Using Ballerina
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
The Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and InsightThe Zero-ETL Approach: Enhancing Data Agility and Insight
The Zero-ETL Approach: Enhancing Data Agility and Insight
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
TEST BANK For Principles of Anatomy and Physiology, 16th Edition by Gerard J....
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 

How to Manage GDPR Access Requests. GDPR DSAR SAR DSR Framework from Feroot

  • 1. [GDPR is Here. Privacy Matters More than Ever 75% will not buy a product from a company, no matter how great the products are, if they don’t trust the company to protect their data… " 2018 IBM, Harris Poll
  • 2. Now your company apps, SaaS and AI systems have Bob’s data. And, you have new obligations under Article 7, 12 to 23. • Can Bob withdraw consent as easily as he gave it? • How can he request data erasure (‘be forgotten’)? • Can people request restriction of processing? • How can they request rectification? • How can they request data export? • How can you say NO to SAR and Defend it? More… [Great News! Bob is Your Customer
  • 3. [GDPR DSR – Data Subject Rights Framework
  • 5. [Establish Processes for Fulfilling GDPR Art. 12 to 23
  • 6. Respect Customers An Intuitive self-serve privacy preferences Customer Experience Drafted by Lawyers Bob Smith Bob33@gmail.com M WC2N 5DU [
  • 7. Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 1. Are you processing personal data of EU data subjects where the processing activities are related to monitoring of their behavior or offering of goods or services to residents of European Union directly by your company or on behalf of your customers? (As defined by GDPR Article 3) 2. How do you demonstrate compliance with the Article 5 Principles of Processing Personal Data: • data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; • processed lawfully, fairly and in a transparent manner; adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’); • kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. 3. How do you demonstrate proof that data subject has consented to processing of his or her personal data? 4. How can data subject withdraw his or her consent at any time as easily as they gave their consent?
  • 8. Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 5. How do you facilitate the exercise of data subject rights under Articles 15 to 22? 6. How do you demonstrate that Data subject rights don’t diminish regardless how many parties are involved in data processing? 7. How do you demonstrate a proof that, at the time when personal data are obtained, data subjects where provided with all of the following information as per Article 13, including: • the right to withdraw consent at any time • the identity and the contact details of the controller and, where applicable, of the controller’s representative; • the contact details of the data protection officer, where applicable; • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; • where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party; • the recipients or categories of recipients of the personal data, if any; • where applicable, the fact that the controller intends to transfer personal data to a third country or international organizations.
  • 9. Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 8. How do you provide data subject or the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information as per Article 15: • the purposes of the processing; • the categories of personal data concerned; • the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; • the right to lodge a complaint with a supervisory authority; • where the personal data are not collected from the data subject, any available information as to their source; • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  • 10. Assess your GDPR Subject Rights Compliance Posture According to Article 3, 5, 7, 12 – 21, and 39[ 9. How do you enable data subjects to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the grounds in Article 17 Paragraph 1 applies? 10. How do you enable data subjects to obtain from the controller restriction of processing where one of the grounds in Article 18 Paragraph 1 applies? 11. How do you communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 to each recipient to whom the personal data have been disclosed as mandated by Article 19? 12. How do you provide personal data to the data subject concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and facilitate the right to transmit data to another controller without hindrance from the controller to which the personal data have been provided as outline in Article 20?
  • 11. Privacy Compliance Matters More Than Ever[ • Grow Customer Loyalty and Trust • Reduce Privacy Compliance Costs • Mitigate Penalties