Data Subject Requests

Data Subject

Effortlessly handle Data Subject Requests

The General Data Protection Regulation (GDPR) provides every EU Data Subject certain rights that they can exercise regarding their own Personal Data:

  1. Right to be informed
  2. Right of access
  3. Right to rectification
  4. Right to be forgotten
  5. Right to restriction of processing
  6. Right to data portability
  7. Right to object
  8. Right to not be the subject of automated decision-making

This means that every organization that processes personal data of EU citizens should be able to receive, process and answer Data Subject Rights in a timely fashion. If you cannot reply within one month of the receipt of the request, you risk getting fined by the Data Protection Authority. Taking into account the immense amounts of data that companies process every single day, this presents certain challenges that require a structured approach.

Challenges of Data Subject Requests

When it comes to practically dealing with Data Subject Requests, most organizations are still searching for a cost-effective way to handle these requests. These are some of the challenges we encounter most:


  1. Identification: this step is oftentimes missed. Even though it poses a great risk of encountering a data breach. E.g.: when the submitter of the request isn’t who he claims to be.
  2. Knowing where to look: data is spread out across an organization, so it’s not always clear for a Data Protection Officer (DPO) where he can find a particular Data Subject’s data
  3. Getting complete information: even if you can locate the data of your Data Subject, a lot of DPOs will still have this internal incertitude of whether they now have ALL the personal data
  4. Tracking progress: In larger organizations the DPO can count on his colleagues throughout the organization to follow-up on DSARs. However, with the increasing pressure on organizations, tasks can easily be left aside for too long, at great risk of course.


It’s possible to keep track of Data Subject Requests via e.g. a spreadsheet. However, it’s not a very sustainable, nor a productive way of working. The GDPR is only in effect for a few years now, and the number of Data Subject Requests will rise as people get more acquainted with them. That’s why we suggest an automated, structured approach.

Handling Data Subject Requests in RESPONSUM

The goal of our solution is to make your life as a privacy professional easier. When a Data Subject Request comes in, RESPONSUM guides you through the necessary steps:


  1. Determine the scope of the Data Subject Request
  2. Delegate tasks across the organization
  3. Keep a history log of all actions
  4. Get or send timely reminders to ensure a close follow-up
  5. Set up review cycles before answering the Data Subject Request

Want to see our Data Subject Request module in action?

Get in touch for a free demo or Proof of Concept!

free demo