The Subject Access Request (SAR) feature helps you serve personal data requests and comply with regulations like the General Data Protection Regulation (GDPR). Egnyte Secure and Govern can automatically retrieve documents containing personal information about data subjects. The export and deletion features enabled the service of notification and right-to-be-forgotten requests.
Subject Access Request Types
When the subject requests a summary of information collected about them, an Admin should submit a Notification SAR. The workflow notifies Administrators about completed requests, which can be inspected and exported.
When a subject requests deletion of personal information collected about them, an Admin should submit a Right-to-be-Forgotten SAR. The workflow gives Administrators a one-click deletion option after the request is completed.
Create a Subject Access Request
- Open the Compliance tab in Secure & Govern and select Add Request.
- Select the Request type based on what information is needed.
- Choose the Target service time to determine how long the request will remain active before expiring.
- Provide the name of the subject of the request (first and last name are required).
- To add additional identifiers, click on Add another identifier. You will be able to choose a supported country (based on the jurisdiction configured in your Content Classification settings) or pre-selected recommendations. After selecting a jurisdiction, you will be able to search for available identifiers. Identifiers include Social Security Number, Passport Number, and National Insurance Number.
- Once all of the relevant information has been entered, click Create request.
Upon completion of the request, the Administrator will receive an email notification that the request is ready to serve. When accessing the results, you will have the ability to select which files you wish to take action on. Simply uncheck the files that you do not wish to export/download/delete and they will not be affected when that action is initiated.