DSAR Software Portal – Tool for CCPA & GDPR Data Subject Access Requests
A DSAR Portal is a GDPR compliance software tool that businesses can provide to online users which enables them to conduct data subject access requests. DSAR software will also be needed by 2020 for compliance with the California Consumer Privacy Act (CCPA). For a demo of how the Clarip Data Subject Access Request Portal can become your system for management of individual rights, please call 1-888-252-5653.
What is a Data Subject Access Right?
The EU General Data Protection Regulation (GDPR) gives data subjects in Europe the right to access their data, delete it, correct it and transfer it to another controller starting in May 2018. Known as the data subject access rights (DSAR), they require organizations to provide EU citizens (called data subjects) the rights of access, rectification, erasure and data portability under GDPR Articles 15, 16, 17 and 20.
California residents have also been given data subject access rights as part of the California Consumer Privacy Act. “Consumers”, as they are called in the CCPA, will be able to access and request businesses delete their personal information starting in 2020. Companies that fulfill the right to access electronically will also have to provide that information in a data portable format, if the conditions of the law for such a transfer are meet.
The one aspect of GDPR that the California Consumer Privacy Act does not provide in California is the right to correct personal data that is inaccurate or misleading. However, since businesses could face a deletion request if they are not maintaining correct, this may ultimately become a best practice as part of data privacy efforts even without becoming a part of the law.
Scroll down to learn more about how DSAR software can help your team efficiently respond to requests from consumers under the new California privacy law or data subjects under GDPR.
What Does a DSAR Portal do?
The Portal permits website visitors to a company’s privacy center to exercise these rights by requesting their data from the company, correcting data or deleting their data. A DSAR Portal handles requests under:
– GDPR Article 15: Right of Access
– GDPR Article 16: Right to Rectification
– GDPR Article 17: Right to Erasure (“Right to be Forgotten”)
– GDPR Article 20: Right to Data Portability
Right of Access: The right of access provides data subjects the ability to request their information from the company if the organization is still processing it.
Right to Rectification: Data subjects have the right to correct inaccurate personal data or to provide a supplementary statement if there is incomplete personal data.
Right to Erasure: This GDPR Article provides the right to be forgotten. A data subject can request the deletion of his or her personal data without undue delay if consent has been withdrawn, processing is no longer necessary, the data has been unlawfully processed, or for several other enumerated reasons.
Right to Data Portability: The right to data portability under GDPR Article 20 allows people to obtain and reuse their personal information across different services for their own purposes. It eliminates potential roadblocks in the transfer of the personal data of an individual between two businesses.
Because the platform allows for custom forms, organizations can also provide a manner to collect requests under the Article 18 right to processing restriction, the Article 21’s right to object, and the Article 22 right not to be subject to automated processing.
What are the Challenges for DSAR Software in the CCPA?
The California Consumer Privacy Act has three of the GDPR components:
Right to Access: Businesses must disclose the specific information they possess, along with other disclosure requirements specified, within 45 days. Before disclosing it, businesses must verify the consumer identity according to the Attorney General regulations, which have yet to be issued.
Right to Data Portability: Consumers that request their information under the right to access be delivered electronically must be provided it in a portable format that, if technically feasible, will enable them to transmit the information to another entity due to its readily useable format.
Right to Delete: Consumers are entitled to the deletion of there personal information within 45 days if it is not within one of the exemptions specified by the law. Like in the right to access, organizations have 45 days to either execute the request or provide the consumer with notice of a 45 day extension.
How Does the Clarip Data Subject Access Request Portal Work?
Call 1-888-252-5653 or contact us online for a demo of the Clarip software.
Related Content
Right of Access in CCPA
CCPA Right to Delete
Applying the 9 CCPA Exemptions to Deletion Requests
Data Subject Access Request Management Tools and Procedures
Individual Rights Manager Software
Legal Obligation Exceptions to the CCPA Right to Delete
Internal Use Exceptions to the CCPA Right to Delete
Research Exception to the CCPA Right to Delete
Verifiable Consumer Requests in CCPA