Plug-and-play solution to verify Data Subject Rights requests
According to the new General Data Protection Regulation (GDPR), companies must be 100% transparent about the personal data they store and process. The newly-defined Data Subject Rights (DSR) include each individual’s right to request a transcript of their personal data. They also have the right to correct it, delete it, and restrict the ways it’s used.
The GDPR also states that companies must take all reasonable steps to verify the identity of data subjects requesting access to their personal data. This is to prevent fraudulent data requests from resulting in unauthorised disclosures of personal data.
How will our company process Data Subject Rights requests when the GDPR goes into effect on May 25, 2018?
We don’t know how to handle customer information requests in a GDPR-compliant manner
We don’t have the time, budget or possibility to develop our own solution
We don’t know how to prevent disclosing personal data to the wrong individual
How do we avoid being a victim of fraud or enabling identity theft?
To solve this challenge quickly and easily, Scrive has developed a unique, standardised process that has been analysed and approved by GDPR experts. Scrive GDPR-DSR is a plug-and-play solution which enables you to implement a GDPR-compliant request verification flow without any development. It only requires a link on your website, and you can customise the module with your colours and logo.
The module consists of a DSR web form where the data subject selects the type of request they wish to make and then enters their contact information. The individual is then taken to a confirmation form showing the details of their request.
To verify the individual’s identity, they then confirm the request with an electronic signature using BankID (for secure identification). After the data subject signs and is verified, you can direct them to any page on your website.
Scrive GDPR - DSR also supports signing with Norwegian BankID and Danish NemID. Authentication via SMS PIN is available for individuals without e-credentials.
The signed request contains everything you need to continue processing the request, including an audit trail: the type of request, data subject contact details, and proof of identity verification. The automated flow can send the document directly to a designated email, such as your Data Protection Officer.
Scrive GDPR - DSR is your one-step solution to GDPR-compliant handling of data requests:
Plug-and-play, no development required
Analysed and approved by GDPR experts
Secure identification and signature via BankID to prevent fraud
Customisable with your colours and logo for maximum recognition
Unique and standardised process
Short implementation time
Scandinavian-wide solution via BankID / NemID