UPGRADE: A NEW DSAR MANAGEMENT TOOL

We’ve upgraded the DSAR Management Tool in our GDPR compliance software. Check out the new functionality that will enable you to manage data subject access requests more efficiently.

Details of the upgrade

  • Much improved workflow
  • A simpler, more intuitive online request form
  • Assign requests to various people across your organisation
  • Relevant rules embedded in each request type
  • A Kanban-inspired status report dashboard
  • Automatic reference number attributed

If you encounter any display issues., we recommend that you clear your browser cache. You will find a complete tutorial here.

How to implement the new codes to your webpage

For your privacy notices and the online DSAR form, we have changed the code that you need to copy to your websites. Note – the implementation procedure is the same for both documents.

Where to find the code

For the privacy notices, look under ‘Governance / Privacy Notices’

where is the code for Privacy notices


For the data subject access request form, look under ‘Settings’ in the ‘Subject Access’ section.

Create a new page

Because it’s no longer a link, you must create new pages on your website and insert the relevant code. 

We recommend that you create one new page for your privacy notice and another for the data subject access request form.

Insert the full code in html as follows

Step 1 – Add this line.
<div id="your-element-id"></div> 

“your-personalized-id” should match the value of the container mentioned below

Step 2 – Amend the code available in the GDPR365 App

Copy the relevant code from the places mentioned above and insert into the relevant webpage.

<script>(function (w,d,s,o,f,js,fjs) { w['365Compliance']=o;w[o] = w[o] || 
function () { (w[o].q = w[o].q || []).push(arguments) };
js = d.createElement(s), 
fjs = d.getElementsByTagName(s)[0];js.id = o; js.src = f;
js.async = 1; fjs.parentNode.insertBefore(js, fjs);}
(window, document, 'script', 'mw', 'https://app.gdpr365.com/js/365Compliance.min.js'));
mw('init',{container:'your-element-id',key:'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'});
mw('pn');
</script> 

Once you have copied the code, do the following:

– your-element-id: you need to change this text in order to match the same text you have in the first element.

– Key: the key is already provided. In the example above, it was anonymized.

This is what the final code looks like.

<!-- You have personalized your element id -->
<div id="my-element"></div>
<script>(function (w,d,s,o,f,js,fjs) { w['365Compliance']=o;w[o] = w[o] || 
function () { (w[o].q = w[o].q || []).push(arguments) };
js = d.createElement(s), 
fjs = d.getElementsByTagName(s)[0];js.id = o; js.src = f;
js.async = 1; fjs.parentNode.insertBefore(js, fjs);}
(window, document, 'script', 'mw', 'https://app.gdpr365.com/js/365Compliance.min.js'));
mw('init',{container:'my-element',key:'8334azy12-ad74-4er3-gh5e-abcd3fb86111'});
mw('pn');
</script> 

Transcription of the video

Hello again and welcome to another in our series on getting to know GDPR365. I trust that your compliance journey goes well. In this lesson we’ll learn how to use the new Subject Access section. Previously, you would need to set up the email address of the person who receives your data subject access request under Governance / Your Website. This has been moved to the Subject Access section and we’ve replaced it with the employee privacy notice.

Let’s go to Subject Access on the home page.

Notice that the Request Response Guide is still there as a reference. We’ve madeit much more convenient by incorporating all the relevant rules into each requesttype. Click on the Settings tab. This is where we have relocated the code that you may copy to your website. Don’t forget to set the person responsible for receiving requests. The online form, seen below, is much simpler and more intuitive. The data subject simply selects the type of request and completes the contact details. When they submit, it ends up under Requests. 

Click on Requests. Notice the various stages – Received, In Progress, Complete and Rejected. The other cool thing is that you can now assign requests to variouspeople. The first thing to do is to click on the 3 dots next to Received and In Progress and set the Default Task Owner and Days till Task is Due. This tell the user who has been assigned a request, of how much time they have to review and process that particular section. 

An admin user has sight of all DSARs, while other users will only see requests assigned to them. You may also add requests manually by simply by clicking the cross in the green circle. On each panel you can see the requester’s name, the nature of the request, the creation date and the due date. Although this could change depending on what happens further down the line. And we automatically assign a reference number which you can use for tracking any communication between yourself and the requester.

Let’s look at Martin Scorsassy’s request. These are the details he would have captured online. Let’s click Next to go to Received. This is where you assist the legitimacy of the request and confirm the identity of the requester.

Now it’s important not to overlook the Info buttons.

They provide important information that supports your decision making.

Once you satisfy the rules, you may move to In Progress.

The first thing you want to do is to get an idea from your data mapping as to why and where the data might be processed – click the icon in the top right corner to access the data mapping. In some cases, you may need to branch out to specific systems, such as your CRM or HR systems, to make inquiries about the specific requester. Once you have all the information, you can make a decision as to how you will respond.

If the request has failed you will select the relevant item in red text. If successful,it will be the relevant item in blue text. In either case the next step will take you to Complete.

We’ve come to the end of this lesson.

Thank you for reading.

NOT A CLIENT YET?

Russell Raizenberg

Russell Raizenberg

I have a broad-based managerial background in the petroleum industry, where I gained cross-cultural, local and international experience. I have held senior positions in IT governance, risk and compliance; business continuity; crisis management and data privacy management.

Leave a Reply

Your email address will not be published. Required fields are marked *