If you are an organisation then this Software as a Service application can jump start your journey to GDPR compliance. By subscribing you can:
  • Avoid having to modify or create your own website extension to service Data Subject Access Requests.
  • Automate the Subject Access Request process and workflow.
  • Publish your GDPR specific processing information.
  • Receive secured requests from Data Subjects that integrate with your own back end systems via email, public API, or via on-premise gateway integration.
  • Submit reply messages to Data subjects to the site via built in User Interface, or submit from on-premise triggers.
  • Submit notification messages to Data subjects via email or mobile.
  • Publish your Data Controller (DC), Data Protection Officer (DPO) contact details.
  • Provide a secure repository where a logged in DS, DC and DPO can track messages including: Download, Grant Consent, Revoke Consent, Update.
  • Brand your own html email templates using DotLiquid syntax.
  • Use Microsoft Accounts - including Office365, Azure, or Microsoft Account for Login
  • Use Google, LinkedIn, Facebook authentication for Login
  • Use TLS client certificate authentication when posting to Organisation APIs.
  • Upon breach - upload CSV file to bulk send email messages to Data Subjects.
  • Suspend or Delete your organisation at any time
  • Pay a monthly subscription for the non branded instance, shared with other organisations.
  • Pay a monthly subscription for your own branded copy
Data Subjects (Consumers)
Data subjects can search organisations and make 'Subject Access Requests' easily and securely through a common hub. Type * for a list.
  • Ability to request a copy or view the DC privacy policy
  • Ability to view what PII data is being used, where it is held, how it is stored, for what reason, duration held.
  • Request an electronic copy of data from the DC. A response with the data or an acknowledgment is required within a month to a maximum of three months.
  • View contact details for a DC
  • To explicitly grant consent for processing of data to the DC
  • To explicitly revoke consent for storage or processing of data to DC
  • To explicitly request deletion of data from DC or third party of the DC©