TrustArc Individual Rights ManagerData Subject Access Requests (DSAR) Watch Video Meet GDPR and CCPA privacy compliance requirements for DSAR and other consumer privacy rights. The EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) significantly increase the requirements on how businesses address individual rights, also referred to as data subject rights or consumer privacy rights. These regulations also impose strict requirements on businesses regarding the type of data subject access requests (DSAR) they need to address and the timeline and process they need to follow to fulfill the requests.Learn More TrustArc Individual Rights Manager Addressing individual rights will require knowing what data has been collected, determining which rights are being exercised and whether exceptions apply and having a solution in place to respond to requests. TrustArc Individual Rights Manager is designed to help companies meet GDPR, CCPA and other compliance requirements, minimize risk and build trust with customers. The solution enables individuals to easily submit DSARs and companies to efficiently manage, evaluate and resolve requests within required timelines. In addition, companies can use the solution to maintain an audit trail that demonstrates accountability and regulatory compliance. Individual Rights Manager Features Proven Technology TrustArc Individual Rights Manager uses proven methodology leveraging our 20 year history as one of world’s largest providers of consumer privacy dispute resolution services. That methodology was used to design a customizable solution that enables customers to easily submit requests and companies to efficiently manage, review and follow-up to meet GDPR and CCPA compliance requirements. Request Intake The TrustArc Button is deployed on applicable websites and prompts individuals to submit a request. Once the individual clicks through, a user-friendly form pops up, automating the process of collecting the correct information from each consumer and allowing them to easily submit a DSAR. Identity Verification Identity Verification allows companies to easily verify the identity of individuals submitting DSARs and ensures that the process moves forward only for valid individuals. Request Management Portal Request management portal streamlines tracking, evaluating and following-up on DSARs; supports process completion within required timelines (i.e., for GDPR and CCPA compliance); and helps ensure that all DSARs are responded to in a timely manner. Compliance Reports Compliance reports can be generated to support request management efforts and show progress toward resolving requests. Data Mapping Integration with TrustArc Data Inventory Hub allows a company to easily locate an individual’s data within systems, which speeds up response times. Individual Rights Consulting TrustArc privacy experts can help develop an individual rights program process based upon analyzing a company’s business process flows. Implementing a customized compliance program will help make the process efficient, streamlined and sustainable. Privacy Dashboard Monitor the status of privacy KPIs along with regulatory updates with the centralized, configurable dashboard. End to End Privacy Management Part of the TrustArc Platform which manages all phases of privacy compliance, including assessments, data inventory & mapping, vendor risk, cookie consent, DSARs and much more. Individual Rights Manager Guide: Frequently Asked Questions Below are answers to popular questions relating to individual rights, data subject rights and data subject access requests (DSARs). What are individual rights/data subject rights? ➤ Privacy laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) seek to protect the personal data and privacy of individuals (also referred to as data subjects or consumers). Both define individual rights or data subject rights that they protect. What is the right to be forgotten? ➤ The right of erasure or deletion, or the right to be forgotten, is one of the individual rights outlined in privacy laws like GDPR and CCPA. For example, under GDPR, individuals have the right to have their personal information erased/deleted and companies are obligated to do so when there is no legitimate reason for the company to keep the information. An individual may also request the removal of links by search engines where personal data is disclosed as part of the right to be forgotten. What are data subject rights under GDPR? ➤ The GDPR protects the personal data of individuals, which includes anyone physically residing in the EU, even if they are not EU citizens. GDPR Articles 12-23 provide the following protections for individual rights or data subject rights - the right to information, right to access, right to rectification or erasure, right to restrict processing, right to object and right to data portability. What are the GDPR requirements related to data subject rights? Under GDPR, companies must protect personal data of individuals and address data subject rights when they receive a data subject access request. GDPR imposes requirements on businesses regarding the type of DSARs they need to address and the timeline and process they need to follow to fulfill the requests. For example, GDPR requires that data subject access requests be addressed within one month (with some exceptions and extensions permitted). Companies must also verify the data subject/individual’s identity before turning over information to the individual. What are data subject access requests (DSARs)? ➤ Under GDPR and CCPA, individuals can make data subject access requests (DSARs) of any organization they believe is holding/processing their personal data. For example, the GDPR provides individuals the rights of access and data portability. Individuals have the right to request and receive confirmation from a business about whether personal data about them is being processed; and, if so, additional information, including the categories of personal information concerned; the recipients or categories of recipients with whom the information have or will be shared; and the purposes of processing. What are individual rights under CCPA? ➤ The CCPA, a bill passed by the state of California legislature on June 28, 2018 and slated to go into effect January 1, 2020, is the toughest privacy law in the U.S. CCPA expands the rights of consumers to have more control over their personal information and requires companies to be more transparent about how they use and disclose personal information. Referred to as individual rights or data subject rights in GDPR, these rights are referred to as consumer rights under CCPA. Individual rights under CCPA include: right to access, data portability, deletion, disclosures about sharing/sale and opt-in/opt-out. What are the CCPA requirements related to individual rights? The central purpose of the CCPA is to expand the rights of California residents relating to their control over personal information about them, and to require businesses to be more transparent about the ways in which they use residents’ personal information. Businesses’ (covered by the CCPA) obligations related to individual rights include: Access: Individuals may request disclosure of the specific data elements of personal information collected about them, categories of personal information collected, categories of sources, purposes for collecting or selling, and categories of recipients with whom the personal information has been shared Data Portability: If the specific data elements of personal information are provided to the requestor electronically, to the extent technically feasible, they must be provided in a readily transferable electronic format Deletion: Individuals may request to have their personal information deleted Disclosures about Sharing/Sale: Individuals may request an accounting of the disclosures, including sale, of personal information made to third parties; this significantly expands upon the existing California “Shine the Light” law Opt Out: Individuals may object to the sale of personal information about them Opt In: Minors or their guardian must affirmatively authorize the sale of the minor’s personal information Looking for help with GDPR and CCPA Individual Rights Compliance? Schedule a Demo Resources × This video is unavailable due to your cookie preference setting. To view the video: (1) Click the ‘Cookie Preferences’ button in the bottom right; (2) Change the ‘Functional Cookies’ setting to ‘Yes’; (3) Refresh the page.