CPRA Step 07
Providing User Right to Portability
The right to portability as a business process should be identical to an access request. However the key difference is that the data returned to the user should be in a machine readable format that could be transferred to another vendor or business.
For example, in a typical access request, you might return this data to the user in any format that is easy to read and understand, such as a PDF or spreadsheet.
In the case of data portability, you should provide this in a machine readable format that is structured enough to be ingested and processed by other systems. Good examples of interchangeable formats that are suitable for this would be either JSON or XML although there are many others you can choose from.
Looking for more help with how to structure packages in JSON, CSV or XML for data portability requests? Ask a question now on the Fides Slack Community.
If want lightning-fast, automated portability requests with Privacy Engineering Intelligence from Ethyca, get in touch now.