Difference between revisions of "Access Requests"
(→Information) |
(→Privileges) |
||
| (36 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== Introduction to Access Requests == | == Introduction to Access Requests == | ||
| − | ''Access | + | ''Access requests'' provide the mean for data subjects to exercise their right to access information about the processing of their |
''personal data'' (e.g. according to section 2, article 13 of ''GDPR Regulation''). | ''personal data'' (e.g. according to section 2, article 13 of ''GDPR Regulation''). | ||
| − | The | + | The workflow enables to record ''access requests'' and to support their fulfilment. |
== Workflow == | == Workflow == | ||
| − | A new '' | + | A new ''access request'' can be created using the '''Add New''' functionality and choosing "New Access Request". |
| − | A workflow enables to move | + | A workflow enables to move ''access requests" in several statuses as shown in the following picture. |
| + | |||
| + | [[File:Access_Requests_Workflow_ENG_v1.0.JPG|centre|thumb|800x800px|Access Requests workflow and statuses.]] | ||
| − | |||
The following table explains the meaning of each status: | The following table explains the meaning of each status: | ||
| Line 18: | Line 19: | ||
! Status !! Description | ! Status !! Description | ||
|- | |- | ||
| − | |Default || A | + | |Default || A temporary status when the ''access request'' is initially created before the first save. |
|- | |- | ||
|Opened || An ''access request'' in this status is draft and it is not actioned. | |Opened || An ''access request'' in this status is draft and it is not actioned. | ||
| Line 28: | Line 29: | ||
|Cancelled || ''Access request'' cancelled. This is an end of life status. | |Cancelled || ''Access request'' cancelled. This is an end of life status. | ||
|- | |- | ||
| − | |Completed || In this status, all activities related to the '' | + | |Completed || In this status, all activities related to the ''access request'' were completed and closure is expected after confirmation. |
|- | |- | ||
|Suspended || Activities concerning the ''access request'' are temporarily suspended, meaning no further status transitions are allowed. | |Suspended || Activities concerning the ''access request'' are temporarily suspended, meaning no further status transitions are allowed. | ||
| Line 37: | Line 38: | ||
== Information == | == Information == | ||
| − | ''Access request'' records | + | ''Access request'' records are organized in five sections: |
* <u>''Identification''</u>, where identification data of the ''access request'' are recorded, | * <u>''Identification''</u>, where identification data of the ''access request'' are recorded, | ||
| − | * ''Ownership & Organization'', containing the assignment of the key roles enabled to manage the ''access request''; | + | * <u>''Ownership & Organization''</u>, containing the assignment of the key roles enabled to manage the ''access request''; |
| − | * ''Access Request Details'', with the details of the ''access request''; | + | * <u>''Access Request Details''</u>, with the details of the ''access request''; |
| − | * ''Data Subject Details'', with the details of the data subject issuing the ''access request''; | + | * <u>''Data Subject Details''</u>, with the details of the ''data subject'' issuing the ''access request''; |
| − | * ''Data Subject Representative'', containing the details of the representative of the data subject, if any. | + | * <u>''Data Subject Representative''</u>, containing the details of the representative of the ''data subject'', if any. |
| + | |||
| + | Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field. | ||
| + | |||
| + | Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See [[How To]] for more information. | ||
== Privileges == | == Privileges == | ||
| − | ''Access request'' can be created by the users to whom the corresponding privilege is granted (see [[Users & Groups]] for more information on how to set this privilege. | + | ''Access request'' can be created by the ''users'' to whom the corresponding privilege is granted (see [[Users & Groups]] for more information on how to set this privilege). |
| + | The lifecycle of the ''access request'' is managed by the roles described in the table below. ''Groups'' are pre assigned to the roles according to the ''settings'' (see [[Settings]] for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled ''groups'' (see once again [[Settings]] for more information on how to enable ''groups''). | ||
| + | {| class="wikitable" | ||
| + | ! Role !! Description | ||
| + | |- | ||
| + | |<u>DPO Group</u> || Members of the ''group'' assigned to this role have full privileges. They can: | ||
| + | * transition records to any compatible status, | ||
| + | * update fields when possible, | ||
| + | * update ''data sources'' directly in record management. | ||
| + | |- | ||
| + | |<u>Data Controller Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. | ||
| + | |- | ||
| + | |<u>Data Processor Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. | ||
| + | |- | ||
| + | |<u>Working Team</u> || Members of this ''group'' have several privileges. They can manage the entire lifecycle, being enabled to: | ||
| + | * transition records to any compatible status, | ||
| + | * update fields when possible. | ||
| + | |- | ||
| + | |<u>Auditors Team</u> || Members of the ''group'' assigned to this role have view (read) privileges. | ||
| + | |- | ||
| + | |<u>Owner</u> || This role can be assigned to a single user among members of the ''groups'' previously described. The <u>Owner</u> has several privileges: | ||
| + | * transition to any compatible status, | ||
| + | * update fields when possible. | ||
| + | |} | ||
== Warning and alerts == | == Warning and alerts == | ||
| + | TBC | ||
== Reports == | == Reports == | ||
| + | The list of ''access requests'' can be filtered and exported to excel format from the ''view'' '''''Access Requests'''''. | ||
== Related processes == | == Related processes == | ||
| + | ''Access Requests'' can be related to ''processing activities''. | ||
Latest revision as of 10:18, 10 October 2018
Contents
Introduction to Access Requests
Access requests provide the mean for data subjects to exercise their right to access information about the processing of their personal data (e.g. according to section 2, article 13 of GDPR Regulation).
The workflow enables to record access requests and to support their fulfilment.
Workflow
A new access request can be created using the Add New functionality and choosing "New Access Request".
A workflow enables to move access requests" in several statuses as shown in the following picture.
The following table explains the meaning of each status:
| Status | Description |
|---|---|
| Default | A temporary status when the access request is initially created before the first save. |
| Opened | An access request in this status is draft and it is not actioned. |
| Requested | An access request in this status is confirmed and it is waiting to be actioned. |
| In charge | In this status, the access request has been taken in charge and it is being actioned. |
| Cancelled | Access request cancelled. This is an end of life status. |
| Completed | In this status, all activities related to the access request were completed and closure is expected after confirmation. |
| Suspended | Activities concerning the access request are temporarily suspended, meaning no further status transitions are allowed. |
| Closed | In this status, all activities related to the access request are completed and confirmed. This is an end of life status, meaning no further status transitions are allowed. |
Information
Access request records are organized in five sections:
- Identification, where identification data of the access request are recorded,
- Ownership & Organization, containing the assignment of the key roles enabled to manage the access request;
- Access Request Details, with the details of the access request;
- Data Subject Details, with the details of the data subject issuing the access request;
- Data Subject Representative, containing the details of the representative of the data subject, if any.
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.
Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See How To for more information.
Privileges
Access request can be created by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege).
The lifecycle of the access request is managed by the roles described in the table below. Groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups).
| Role | Description |
|---|---|
| DPO Group | Members of the group assigned to this role have full privileges. They can:
|
| Data Controller Group | Members of the group assigned to this role have view (read) privileges. |
| Data Processor Group | Members of the group assigned to this role have view (read) privileges. |
| Working Team | Members of this group have several privileges. They can manage the entire lifecycle, being enabled to:
|
| Auditors Team | Members of the group assigned to this role have view (read) privileges. |
| Owner | This role can be assigned to a single user among members of the groups previously described. The Owner has several privileges:
|
Warning and alerts
TBC
Reports
The list of access requests can be filtered and exported to excel format from the view Access Requests.
Related processes
Access Requests can be related to processing activities.
