OneTrust, a global leader in enterprise privacy management software that supports compliance with data privacy regulations like the EU General Data Protection Regulation (GDPR), today announces the launch of the OneTrust Data Subject Access Request (DSAR) Portal.

Data subjects include customers, employees, or third parties whose personal data can be used, stored, or processed by organisations.

OneTrust’s DSAR Portal is the first to market, allowing data subjects to submit requests directly to organisations that process their data, and allowing organisations to demonstrate compliance and automate record keeping by operationalising the fulfilment of data subject requests.

The enterprise-grade portal is highly scalable, tailorable, multi-lingual, and can be deployed either in the cloud or on-premise to meet global data residency requirements.

The OneTrust DSAR Portal is fully integrated into the comprehensive OneTrust privacy management platform, one of the world’s most prevalent technologies used to support and implement a GDPR-based privacy program.

“The addition of the DSAR Portal to OneTrust’s privacy management platform emphasises OneTrust’s unique position in the market and capability to deliver the most comprehensive, easy-to-use, and well-researched platform,” said OneTrust CEO and Fellow of Information Privacy (FIP), Kabir Barday, CIPP US/E, CIPM, CIPT.

The GDPR goes into effect on 25 May 2018, and outlines distinct data subject rights for EU customers and employees:

  • Article 12: Exercise of the Rights of the Data Subject
  • Article 13 & 14: Right to Be Informed
  • Article 15: Right to Access
  • Article 16: Right to Rectification
  • Article 17: Right to Erasure (“Right to be Forgotten”)
  • Article 18: Right to Restriction of Processing
  • Article 19: Notification Obligation
  • Article 20: Right to Data Portability
  • Article 21: Right to Object to Processing
  • Article 22: Right to Object to Automated Individual Decision Making
  • Article 7(3): Right to Withdraw Consent

These GDPR Articles have also created new operational requirements for organisations to “facilitate” the requests (Art 12(2); Rec 59) both “electronically” (Art 12(1), (3); Rec 59), and within a specified time-period (Art 12(3); Rec 59), through demonstrable record keeping (Art 5; Rec 39) and clear communication (Art 12(1); Rec 58). Thus, international organisations, across size and sector, are significantly transforming their business processes to comply with the new data subject rights obligations.

Non-compliance and infringements of data subject rights triggers the highest tier of administrative fines in the GDPR – up to 4% global revenue, or €20M. Perhaps more concerning is that data subjects are granted the right to seek compensation for damages suffered (Art 82; Rec 146), which is why many regulators and industry experts expect the new regulations to lead to an increased risk of class action law suits and brand/reputation damage if companies fail to properly meet the rights of data subjects.

“As consumers become more aware of data privacy rights around the world, especially under the GDPR, organisations are highly anticipating an increase in the number of data requests,” said Jason Sabourin, OneTrust DSAR Product Management Lead. “The OneTrust DSAR Portal has been developed to meet these new demands based on input from EU regulator-based sources and trusted industry and legal professionals.”

OneTrust’s DSAR Portal gives privacy teams the ability to tailor a branded web form (linked from their privacy policy web page), receive notification of a submitted request, validate the subject’s identity, and file an extension if the one-month deadline is approaching.

The organisation can also access the underlying data inventory and map to fulfil the request, transmit the data to the individual through a secure portal, and generate the proper documentation for evidence in the event of a regulator inquiry.

“OneTrust’s commitment to innovations like the DSAR Portal is backed by our global size and scale, significant investments in R&D, and access to leading sources of insight into how regulators may enforce the GDPR,” Barday continued. “Our ability to execute in the emerging privacy management market is distinctly unique, and we look forward to working in partnership with the industry of privacy professionals to continue delivering practical solutions for complex regulatory requirements.”

Click here to watch a 5 minute video demo of OneTrust’s Data Subject Access Rights Portal.

Register to attend a free local GDPR implementation workshop to learn more about Data Subject Rights in GDPR.

For more information, OneTrust will be hosting an Exclusive Data Subject Access Rights (DSAR) Portal webinar on Thursday, October 2611:00am ET / 4:00pm UTC.  Registration is available online

For additional information, or to request a live demo, visit or email [email protected].

About OneTrust
OneTrust’s privacy management software is used by more than 1,500 organisations to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and ePrivacy (Cookie Law).

The multi-lingual software is deployed in an EU cloud or on-premise, and is based on a combination of intelligent scanning, regulator guidance-based questionnaires, and automated workflows used together to automatically generate the record keeping required for an organization to demonstrate compliance to regulators and auditors.

OneTrust helps organisations implement GDPR requirements, including: Data Protection by Design, Data Protection Impact Assessments (PIA / DPIA), Vendor Management, Incident and Breach Management, Records of Processing (Data Mapping), Consent Management, ePrivacy Cookie Compliance, Data Subject Access, Portability, and Right to Be Forgotten.

Backed by the founders of Manhattan Associates (NASDAQ: MANH) and AirWatch ($1.54B acq. by VMware), OneTrust is co-headquartered in London, UK and Atlanta, GA with a fast-growing global team of privacy and technology experts surpassing 200 employees.