Difference between revisions of "Access Requests"

From Privacy-Now
Jump to: navigation, search
(Privileges)
(Privileges)
Line 55: Line 55:
 
! Role !! Description
 
! Role !! Description
 
|-
 
|-
|DPO Group || A transitory status active when the ''access request'' if initially created.  
+
|DPO Group || Members of this ''group'' have the maximum privileges on ''access request''. They can:
 +
* transition ''access requests'' to any compatible status,
 +
* update ''access requests'' fields,
 +
* update ''access request'' ''data sources'' directly in record management.
 
|-
 
|-
|Opened || An ''access request'' in this status is draft and it is not actioned.
+
|Data Controller Group || An ''access request'' in this status is draft and it is not actioned.
 
|-
 
|-
|Requested || An ''access request'' in this status is confirmed and it is waiting to be actioned.
+
|Data Processor Group || An ''access request'' in this status is confirmed and it is waiting to be actioned.
 
|-
 
|-
|In charge || In this status, the ''access request'' has been taken in charge and it is being actioned.  
+
|Working Team || In this status, the ''access request'' has been taken in charge and it is being actioned.  
 
|-
 
|-
|Cancelled || ''Access request'' cancelled. This is an end of life status.
+
|Audit Team || ''Access request'' cancelled. This is an end of life status.
|-
 
|Completed || In this status, all activities related to the ''action request'' were completed and closure is expected after confirmation.
 
|-
 
|Suspended || Activities concerning the ''access request'' are temporarily suspended, meaning no further status transitions are allowed.
 
|-
 
|Closed || In this status, all activities related to the ''access request'' are completed and confirmed. This is an end of life status, meaning no further status transitions are allowed.
 
 
|-
 
|-
 +
|Owner || In this status, all activities related to the ''action request'' were completed and closure is expected after confirmation.
 
|}
 
|}
  

Revision as of 21:48, 10 September 2018

Introduction to Access Requests

Access Requests provide the mean for data subjects to exercise their right to access information about the processing of their personal data (e.g. according to section 2, article 13 of GDPR Regulation).

The process enables to record "Access Requests" and to support their fulfilment.

Workflow

A new Access Request can be created using the Add New functionality and choosing "Access Request".

A workflow enables to move the Access Request" in several statuses as shown in the following picture.

Access Requests workflow and statuses.

The following table explains the meaning of each status:

Status Description
Default A transitory status active when the access request if initially created.
Opened An access request in this status is draft and it is not actioned.
Requested An access request in this status is confirmed and it is waiting to be actioned.
In charge In this status, the access request has been taken in charge and it is being actioned.
Cancelled Access request cancelled. This is an end of life status.
Completed In this status, all activities related to the action request were completed and closure is expected after confirmation.
Suspended Activities concerning the access request are temporarily suspended, meaning no further status transitions are allowed.
Closed In this status, all activities related to the access request are completed and confirmed. This is an end of life status, meaning no further status transitions are allowed.

Information

Access request records information are organized in four secions:

  • Identification, where identification data of the access request are recorded,
  • Ownership & Organization, containing the assignment of the key roles enabled to manage the access request;
  • Access Request Details, with the details of the access request;
  • Data Subject Details, with the details of the data subject issuing the access request;
  • Data Subject Representative, containing the details of the representative of the data subject, if any.

Details on every fiel can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.

Privileges

Access request can be created by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege.

The lifecycle of the access request is managed by the roles DPO group, data controller group, data processor group and owner. Groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups)

Role Description
DPO Group Members of this group have the maximum privileges on access request. They can:
  • transition access requests to any compatible status,
  • update access requests fields,
  • update access request data sources directly in record management.
Data Controller Group An access request in this status is draft and it is not actioned.
Data Processor Group An access request in this status is confirmed and it is waiting to be actioned.
Working Team In this status, the access request has been taken in charge and it is being actioned.
Audit Team Access request cancelled. This is an end of life status.
Owner In this status, all activities related to the action request were completed and closure is expected after confirmation.

Warning and alerts

Reports

Related processes

Retrieved from "http://wiki.privacy-now.eu/en/index.php?title=Access_Requests&oldid=149"