In this guide, we'll walk through what a privacy request is and how to get started receiving, managing and processing incoming privacy requests.
What are privacy requests?
Privacy requests, also known as Data Subject Requests (DSRs or DSARs), are requests from data subjects to
delete any personal data that an organization may hold about them.
Here is the flow for a typical privacy request:
At the end of this guide, you should feel empowered to:
- Configure the privacy center so that verified data subjects can submit requests
- Review and automate privacy request processing
- Configure the integrations and policies that power privacy requests
Data subjects have several rights when it comes to the protection and processing of their personal data including the right to file access and erasure requests. To learn how your consumers submit these requests, please see our guide for Submitting privacy requests.
And, businesses are required by law, in many regions, to provide an interface to their data subjects so that they can exercise their privacy rights by submitting privacy requests. To learn more about how to configure the Privacy Center to receive privacy requests, please see our guide for Receiving privacy requests.
Once a privacy request has been received, your team will need to review the privacy request and make a determination for how to process it. To learn more about what choices are available and how to use our Privacy Request interface, please see our guide for Managing privacy requests.
In order to ensure that the legal obligation has been fulfilled, a privacy request must be submitted to all databases or third party SaaS applications that process personal data. To learn how to configure Fides to submit these requests to your data stores, please see our guide for Processing privacy requests.
While handling privacy requests, you'll often need to update consumers on the processing status of their request. For example, you might need to communicate that a request has been received or that there was an error. In order to tailor these messages for your brand and consumers, please see our guide for configuring privacy request emails.