Data subjects and data actions
A DSR workflow is a customizable process for handling Data Subject Requests. With Transcend DSR Automation, you can choose to customize several aspects of your DSR workflow according to your needs, depending on the details of the request. These customizations include things like different authentication methods, different identity enrichment steps, custom legal holds or waiting periods, and much more.
This section covers how to create and manage the different types of DSR requestors, also known as "data subjects". We refer to "data subject" as a person whose data you control or process, in line with GDPR's own definition.
A single company may collect and/or process the data of several different types of data subjects. These data subject groups could be things like
Job Applicants, etc. Each of these might have data stored and processed by different parts of your organization, in different ways. Transcend facilitates the management of all these scenarios by allowing you to specify and manage your organization's "data subjects" in the tab of the DSR Automation page, where you can specify things like different authentication flows for different Data Subject types, or the different data actions that each data subject can submit.
This section covers the different types of DSRs available to the data subjects, as well as well as details on configuring each.
To configure your existing data actions, navigate to "DSR Automation > Request Settings" and click on the pencil next to each action you would like to edit.
You can enable a waiting period before certain requests are to be processed. This gives time for the user or your team to cancel the request if necessary. You can also disable automatic fulfillment and require an approval. You can make these changes by going to . Once there, click the edit icon on "Erasure" and you'll see a settings view.
We currently support two types of wait periods:
When someone is deleting their account, you may want to give them the option to back up the data before deleting it for good. When this feature is in use the workflow will look like:
- Compile a report with all the data for the user across the integrations
- Send the user a link to download their report and wait 2 weeks before deleting the account. The Data Subject has the option to cancel their request at any time on the Privacy Center.
- After the 2 week delay period, the erasure process will begin. At this stage, the user will no longer be able to download their data or cancel their request.
To enable this feature ensure the setting named "Begin erasure immediately and prevent file downloads" is unchecked. If you turn on this checkbox, there will be no delay period, and the request will begin to erase immediately after the request is approved.
To require an approval before sending the final report to the data subject, enable "Approval Before Send". Note that "Approval Before Send" only affects the final report, and not the actual data erasure.