TrustArc Individual Rights Manager
Data Subject Access Requests (DSAR)

Meet GDPR and CCPA privacy compliance requirements for Data Subject Access Requests (DSAR) and other consumer privacy rights.

The EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) significantly increase the requirements on how businesses address individual rights, also referred to as data subject rights or consumer privacy rights. These regulations also impose strict requirements on businesses regarding the type of data subject access requests (DSAR) they need to address and the timeline and process they need to follow to fulfill the requests.

TrustArc Individual Rights Manager

Addressing individual rights will require knowing what data has been collected, determining which rights are being exercised and whether exceptions apply, and having a solution in place to respond to requests.

TrustArc Individual Rights Manager is designed to help companies achieve CCPA and GDPR compliance, minimize risk and build trust with customers. The solution enables individuals to easily submit DSARs and companies to efficiently manage, evaluate and resolve requests within required timelines. In addition, companies can use the solution to maintain an audit trail that demonstrates accountability and regulatory compliance.

This 3-in-1 solution helps companies address data subject access rights requests by providing proven technology, expert consultants and specialized content.

Individual Rights Manager Features

Proven Technology
TrustArc Individual Rights Manager uses proven methodology leveraging our 20-year history as one of the world’s largest providers of consumer privacy dispute resolution services. That methodology was used to design a customizable solution that enables customers to easily submit requests and companies to efficiently manage, review and follow up to meet GDPR and CCPA compliance requirements.

Request Intake
The TrustArc Button is deployed on applicable websites and prompts individuals to submit a Data Subject Access Request. Once the individual clicks through, a user-friendly form pops up, automating the process of collecting the correct information from each consumer and allowing them to easily submit a DSAR.

Identity Verification
Identity Verification allows companies to easily verify the identity of individuals submitting DSARs and ensures that the process moves forward only for valid individuals.

Workflow Management
Workflow Management automates and streamlines the steps and activities to track, evaluate and follow up on DSARs; supports process completion within required timelines (i.e., for GDPR compliance and CCPA compliance); and helps ensure that all individual rights requests are responded to in a timely manner.

Compliance Reports
Compliance Reports can be generated to support GDPR and CCPA data subject access request management efforts and show progress toward resolving requests. The user-friendly dashboard allows companies to easily view and act on key compliance metrics.

Data Mapping
Integration with TrustArc Data Flow Manager allows a company to easily locate an individual’s data within systems, which speeds up response times.

Assessment Management
Integration with TrustArc Assessment Manager includes a comprehensive set of privacy assessments that will help a company understand which individual rights apply to their processing. Assessment Manager will help streamline the assessment and response process for DSARs.

Individual Rights Consulting
TrustArc privacy experts can help develop an individual rights program process based upon analyzing a company’s business process flows. Implementing a customized compliance program will help make the process efficient, streamlined and sustainable.

Privacy Dashboard
Monitor the status of privacy KPIs along with regulatory updates with the centralized, configurable dashboard.

TrustArc Platform
Individual Rights Manager is part of the TrustArc Platform, which provides capabilities to manage all phases of privacy compliance.

Individual Rights Manager Guide: Frequently Asked Questions

Below are answers to popular questions relating to individual rights, data subject rights and data subject access requests (DSARs).

What are individual rights/data subject rights?
Privacy laws such as the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) seek to protect the personal data and privacy of individuals (also referred to as data subjects or consumers). Both define individual rights or data subject rights that they protect.

What is the right to be forgotten?
The right of erasure or deletion, or the right to be forgotten, is one of the individual rights outlined in privacy laws like GDPR and CCPA. For example, under GDPR, individuals have the right to have their personal information erased/deleted and companies are obligated to do so when there is no legitimate reason for the company to keep the information. An individual may also request the removal of links by search engines where personal data is disclosed as part of the right to be forgotten.

What are data subject rights under GDPR?
The GDPR protects the personal data of individuals, which includes anyone physically residing in the EU, even if they are not EU citizens. GDPR Articles 12-23 provide the following protections for individual rights or data subject rights: the right to information, right to access, right to rectification or erasure, right to restrict processing, right to object and right to data portability.

What are the GDPR requirements related to data subject rights?
Under GDPR, companies must protect personal data of individuals and address data subject rights when they receive a data subject access request.
GDPR imposes requirements on businesses regarding the type of DSARs they need to address and the timeline and process they need to follow to fulfill the requests. For example, GDPR requires that data subject access requests be addressed within one month (with some exceptions and extensions permitted). Companies must also verify the data subject/individual’s identity before turning over information to the individual.

What are data subject access requests (DSARs)?
Under GDPR and CCPA, individuals can make data subject access requests (DSARs) of any organization they believe is holding/processing their personal data. For example, the GDPR provides individuals the rights of access and data portability. Individuals have the right to request and receive confirmation from a business about whether personal data about them is being processed and, if so, additional information, including the categories of personal information concerned, the recipients or categories of recipients with whom the information has been or will be shared, and the purposes of processing.

What are individual rights under CCPA?
The CCPA, a bill passed by the California state legislature on June 28, 2018 and slated to go into effect January 1, 2020, is the toughest privacy law in the U.S. CCPA expands the rights of consumers to have more control over their personal information and requires companies to be more transparent about how they use and disclose personal information. Referred to as individual rights or data subject rights in GDPR, these rights are referred to as consumer rights under CCPA. Individual rights under CCPA include: right to access, data portability, deletion, disclosures about sharing/sale and opt-in/opt-out.

What are the CCPA requirements related to individual rights?
The central purpose of the CCPA is to expand the rights of California residents relating to their control over personal information about them, and to require businesses to be more transparent about the ways in which they use residents’ personal information. The obligations of businesses covered by the CCPA related to individual rights include:

Access: Individuals may request disclosure of the specific data elements of personal information collected about them, categories of personal information collected, categories of sources, purposes for collecting or selling, and categories of recipients with whom the personal information has been shared.
Data Portability: If the specific data elements of personal information are provided to the requestor electronically, to the extent technically feasible, they must be provided in a readily transferable electronic format.
Deletion: Individuals may request to have their personal information deleted.
Disclosures about Sharing/Sale: Individuals may request an accounting of the disclosures, including sale, of personal information made to third parties; this significantly expands upon the existing California “Shine the Light” law.
Opt Out: Individuals may object to the sale of personal information about them.
Opt In: Minors or their guardian must affirmatively authorize the sale of the minor’s personal information.