Overview
This guide walks through the complete process of handling Data Subject Rights (DSR) requests from submission to completion.
Request Types
Access Request
User wants copy of their data
- 30-day legal deadline
- Export in machine-readable format
- Full scope of processing
- “Right to be forgotten”
- Permanent deletion
- May have legal exceptions
- JSON or CSV export
- Complete data transfer
- User can move to another service
- Update personal information
- Admin review required
- Limited scope
- User visits DSR Portal at
/privacy-requests/ - Selects request type: Access, Delete, Portability, Rectification
- Enters email address: Must match account or receive verification
- Provides details:
- Submits request
- Sends verification email
- Includes confirmation link
- Link valid for 24 hours
- Tokens are unique and expire
- Opens email
- Clicks verification link
- System marks as verified
- Shows request confirmation
- Provides tracking reference
- New request notification sent to admin email
- SLOS Dashboard shows new request badge
- Pending Requests queue updated
- Email contains:
- Go to SLOS → DSR Portal → Requests
- Click Pending tab
- Locate request in list
- Click to open details
- Review all information
- Request type (access, deletion, etc.)
- Requester email and name
- Submission time
- Verification status
- Deadline (30 days or custom)
- Days remaining
- Priority level (auto-calculated)
- Assigned user
- Open request details
- Scroll to Verification Status
- Review verification:
- Add Internal Notes:
- Update status to verified
- Mark complete date
- Click Assign To dropdown
- Select team member responsible
- Choose from admin users
- Can reassign later if needed
- Assignee receives notification
- Auto-priority based on:
- Manual priority:
- User account data
- Post history
- Comment history
- Metadata
- Consent records
- Scan results
- Identify data sources:
- Check external sources:
- Go to DSR Portal → Settings
- Enable Third-Party Integration
- For each integrated service:
- Collect all data:
- Prepare export:
- Review for accuracy:
- Mark as ready:
- Create backup:
- Review for exceptions:
- Prepare deletion:
- Execute deletion:
- Confirm deletion:
- Collect all data:
- Format for transfer:
- Verify completeness:
- Prepare export:
- Review correction request:
- Verify accuracy:
- Make correction:
- Notify requester:
- Completeness Check:
- Accuracy Check:
- Privacy Check:
- Format Check:
- Copy download link
- Open in incognito browser
- Verify download works
- Check file size reasonable
- Verify content complete
- Go to request details
- Click Generate Download
- System creates unique link
- Link expires in 7 days
- One-time download option available
- Click Send Download Notification
- System sends automated email with:
- Update Request Status to “Completed”
- Add Completion Notes:
- Record Completion Date
- Save changes
- Document everything:
- SLOS auto-documents:
- Go to SLOS → DSR Portal → Reports
- Select date range
- Choose report type:
- Download PDF/CSV
- Dashboard shows:
- Alerts:
- Check for follow-up:
- Archive:
- 30-day hold:
- Spot checks:
- Final deletion:
- Check file permissions
- Verify disk space
- Review error log
- Increase PHP memory
- Try smaller export first
- Verify SMTP working
- Check email address valid
- Look for bounces
- Add to allowed list
- Test mail function
- Verify link not expired
- Check IP not blocked
- Test link yourself
- Resend with new link
- Offer manual delivery
- Prioritize request
- Assign to senior staff
- Expedite data collection
- Request extension if necessary
- Document any delays
- Act Promptly – Start within 24 hours
- Stay Organized – Use SLOS tracking
- Document Well – Detailed audit trail
- Verify Data – Quality assurance check
- Secure Delivery – Protect data in transit
- Meet SLA – 30-day deadline (GDPR)
- Train Staff – Team knows process
- Regular Audits – Review quarterly
- Consult with legal team
- Understand applicable laws
- Document all decisions
- Exceptions require justification
- Follow regulatory guidance
- Have retention policy
- Set up DSR Portal
- Train team on procedures
- Create documentation
- Test with sample requests
- Monitor SLA compliance
- Adjust as needed
- Setup DSR Portal
- Export User Data
- Privacy Compliance
Deletion Request
User wants data erased
Portability Request
User wants data in transferable format
Rectification Request
User wants to correct incorrect data
Step 1: Request Submission
User Submits Request
– Requestor name
– Identifying information
– Specific data requested
– Explanation (optional)
Verification Email Sent
System automatically:
User Verifies Identity
Step 2: Admin Notification
Admin Dashboard Alert
– Request type
– Requester email
– Submission time
– Link to review
Check Request Details
Request Details Show:
Step 3: Verification & Assignment
Verify Requester Identity
– ✓ Email verified (automatic)
– ⊗ Manual verification needed (optional)
For high-risk requests:
`
Additional verification completed via phone.
Confirmed identity with last 4 digits of SSN: 1234
`
Assign to Team Member
Set Priority
– Request type
– Deadline urgency
– Requester profile
– Special notes
– Click Priority dropdown
– Select: High, Normal, Low
– High priority shows first in queue
Step 4: Data Collection
Automatic Collection
For most requests, data auto-collects from:
Manual Data Identification
For complex requests:
– User profile
– Posts/pages authored
– Comments
– Custom fields
– Media files
– Transactions
– Support tickets
– Analytics records
– Third-party services
– CRM systems
– Email services
– Analytics platforms
– Payment processors
– Backup storage
Collect Third-Party Data
If you use external services:
– Send data request
– Collect response
– Include in export
Step 5: Process Request
For Access Requests
– WordPress user data
– Post history
– Comments
– Site analytics
– Tracking records
– Consent history
– Select format (JSON, CSV, PDF)
– Verify completeness
– Test download link
– Ensure readability
– Verify all data correct
– Check no sensitive internal notes
– Confirm personal data complete
– Change status to “Ready for Export”
– Generate download link
– Set expiration (7 days recommended)
– Send to requester
For Deletion Requests
⚠️ IMPORTANT: Follow careful process
– Export user data before deletion
– Store in secure location
– Document timestamp
– Keep for compliance (30 days minimum)
– Legal obligations (taxes, contracts)?
– Active disputes?
– Ongoing litigation?
– Regulatory holds?
– Document any exceptions
– List data to be deleted
– Verify scope with admin/legal
– Check for dependencies
– Plan deletion sequence
– Delete user account (soft delete first)
– Delete authored content (if approved)
– Delete comments
– Delete personal data
– Clear tracking cookies
– Update third-party services
– Document completion time
– Verify data gone (spot check)
– Archive backup
– Send confirmation email
– Update request status
For Portability Requests
– Same as access request
– Comprehensive data gather
– Include third-party data
– All formats possible
– Use standard format (JSON preferred)
– Portable structure
– Complete metadata
– Clear documentation
– All user data included
– Accurate and current
– Properly formatted
– Can be imported elsewhere
– Create ZIP file
– Include all formats
– Add documentation
– Secure transfer method
For Rectification Requests
– What data is incorrect?
– What should it be?
– Request evidence?
– Is request valid?
– Have records?
– Can we verify?
– Update user profile
– Update metadata
– Log change
– Document date/time
– Send confirmation
– Show updated data
– Explain changes made
– Ask for verification
Step 6: Quality Assurance
Review Export Before Sending
– All categories included
– No data truncated
– All attachments present
– Complete records
– Data is current
– No errors
– Dates correct
– No sensitive internal info
– No internal notes exposed
– No other users’ data included
– No business secrets
– Only user’s own data
– Proper formatting
– File not corrupted
– Readable structure
– Test download
Test Download Link
Step 7: Send to Requester
Generate Download Link
Send Notification Email
– Unique download link
– Instructions for accessing data
– Link expiration date
– Contact info for questions
– Confirmation of completion
– SLA confirmation
Document Completion
`
Export generated 2025-01-15
Format: JSON
Size: 2.4MB
Download notified via email
`
Step 8: Compliance Documentation
Keep Audit Trail
– Request date
– Requester identity
– Verification method
– Data collected
– Completion date
– Export method
– Notification sent
– Download status
– All actions logged
– Timestamps recorded
– User actions tracked
– Email copies saved
Generate Compliance Report
– All Requests
– Response Times
– SLA Compliance
– By Request Type
– By Status
SLA Compliance
Monitor 30-day deadline:
– Days remaining
– Color coded urgency
– Approaching deadline alerts
– Overdue flags
– 7 days before deadline
– 1 day before deadline
– After deadline (escalation)
Step 9: Follow-Up
After Completion
– User has 7 days to download
– Monitor download status
– Follow up if not downloaded
– Move to completed folder
– Keep records for audit
– Annual retention review
– Delete per policy
Deletion Request Special Follow-Up
– Keep backup 30 days
– Verify deletion complete
– Check no data reappears
– Verify user can’t login
– Verify profile deleted
– Verify data not accessible
– Check third-parties removed
– After 30 days delete backup
– Document final deletion
– Update status to “Permanently Deleted”
– Archive record
Troubleshooting
Data Not Exporting
Email Not Sending
User Can’t Download
SLA Deadline Approaching
Best Practices
Legal Considerations
⚠️ Important:
Next Steps
Related Articles
Share this article
Still need help?
Our support team is ready to assist you with personalized guidance for your workspace.