Press Release

OneTrust’s Enhanced Data Subject Access Rights (DSAR) Portal Automated Over 10,000 Requests

With OneTrust, organizations globally have scaled their privacy programs to meet the increased demands of data subjects

June 13, 2018

OneTrust, the global leader in privacy management and marketing compliance software, today announced its data subject access rights (DSAR) tool has helped organizations handle more than 10,000 requests within two weeks of the General Data Protection Regulation (GDPR) go-live date of 25 May.

OneTrust’s DSAR tool is based on deep privacy research and gives an organisation a scalable and secure way to handle individual rights requests from customers, employees, partners and other data subjects under the GDPR. Recent updates to OneTrust’s DSAR tool gives organisations more options to customise and automate workflows, offers built-in translations to 100+ languages and enhances reporting and metric capabilities.

[Register for the webinar: Live Demo: How to Automate Data Subject Rights Requests with OneTrust on Thursday 21 June at 16:00 CET/15:00 BST/10:00am EDT]

The GDPR outlines nine distinct rights for data subjects, including data portability, access, erasure and rectification. Providing this service manually can require complicated and time-consuming internal actions, from processing the request, verifying the data subject’s identity, locating the data and responding in a timely fashion. Under the accountability principle, GDPR also requires that organisations be able to demonstrate compliance with their obligations. This means organisations may need to produce records that data subject access requests have been handled appropriately, which can be an additional laborious process if done manually.

The OneTrust DSAR portal helps companies automate data subject requests. Data subjects can submit their request through a branded web form embedded in an organisation’s privacy policy. The requests are added to a queue for privacy and IT teams to complete via automatic, customisable and pre-configured processes. If the company needs to communicate with or get additional information from the data subject, they can utilise secure, encrypted messages right form the OneTrust platform. The web form is available in 100+ languages and the data subject can select their preferred language for all communications.

[Watch a 5-minute demo video of OneTrust’s DSAR Portal:]

OneTrust helps organisations automate DSAR requests in five steps:

  1. Request intake: Data subjects make their request and upload a copy of their identification. Once submitted, the request is recorded into the OneTrust platform for processing.
  2. Assignment workflows: Companies can then validate the data subject’s identity, start assignment workflows across internal teams and track deadlines. OneTrust will automatically request an extension if the one-month deadline is approaching.
  3. Find the data: With integrations into the OneTrust Data Mapping tool, as well as an automation API, companies can locate the subject’s data and process it based on the request. OneTrust also links with internal IT service management tools to consolidate requested information across multiple services.
  4. Communicate responses: Throughout the process, organisations can easily communicate with the data subject through secure, encrypted communications from the OneTrust platform. Once the request has been completed and the data subject is satisfied, settings allow for attachments to be automatically deleted and the user’s access to the portal is automatically revoked after a certain time.
  5. Metrics and reporting: From the OneTrust platform, organisations can review responses received, average turnaround time and cost metrics about all requests received.

The process can be tailored in OneTrust to reflect the unique structure of the organisation. These customised workflows can automatically create sub-tasks to business and IT owners, request the submission of necessary information and can control the access, editing and advancement of the request. For compliance purposes, OneTrust maintains a full audit trail of any changes made on a request.

“Expanded rights for data subjects are a positive step forward in GDPR, however, can be a manual and complicated obligation for organisations to handle appropriately,” said Kabir Barday, OneTrust CEO and Fellow of Information Privacy (FIP). “That’s why we built the OneTrust DSAR portal to automate and record the full lifecycle of data subject requests. Privacy and IT teams are now equipped with a highly scalable tool to automate processing those requests. Like all of our products, our DSAR solution is designed based on deep privacy research and a firm understanding of the requirements under GDPR and is deeply integrated with our data mapping, PIA/DPIA and other privacy management modules.”

For additional information, or to request a live OneTrust Privacy Management Software demo, visit or email


  • Register for the webinar: Live Demo: How to Automate Data Subject Rights Requests with OneTrust on Thursday 21 June at 16:00 CET/15:00 BST/10:00am EDT
  • Learn more about OneTrust DSAR Portal
  • Request a demo of the OneTrust DSAR Portal
  • Connect with OneTrust on TwitterLinkedInFacebook and Google+


About OneTrust

OneTrust is the global leader in privacy management and marketing compliance software. More than 1,500 customers, including 200 of the Global 2,000, use OneTrust to comply with data privacy regulations across sectors and jurisdictions, including the EU GDPR and ePrivacy (Cookie Law). An additional 7,000 organizations use OneTrust’s technology through a partnership with the International Association of Privacy Professionals (IAPP), the world’s largest global information privacy community.

The software, available in 50+ languages, is backed by over 15 awarded patents and can be deployed in an EU cloud or on-premise. The comprehensive platform is based on a combination of intelligent scanning, regulator guidance-based questionnaires, automated workflows and developer plugins used together to automatically generate the record keeping required for an organisation to demonstrate compliance to regulators and auditors. The platform is enriched with content from hundreds of templates based on the world-class privacy research conducted by our over 100 in-house certified privacy professionals.

OneTrust helps organisations implement GDPR requirements, including Data Protection by Design (PbD), Data Protection Impact Assessments (PIA/DPIA), Vendor Risk Management, Incident and Breach Management, Records of Processing (Data Mapping), Universal Consent and Preference Management, ePrivacy Cookie Consent, Data Subject Access Rights, Portability and Right to Be Forgotten.

PrivacyConnect, OneTrust’s global user community, hosts in-person workshops in over 40 international cities, and is attended by thousands of privacy professionals to share best practices.

OneTrust is co-headquartered in Atlanta, GA and in London, UK, with additional offices in Munich, Bangalore and Hong Kong. The fast-growing team of privacy and technology experts surpasses 400 employees worldwide.

You may also like


Privacy & Data Governance

Understanding the EU Data Boundary

Download our free infographic and get the information you need to understand the EU Data Boundary and how to properly handle data in the European Union.

September 22, 2023

Learn more


Privacy Management

Privacy in practice: PIA & DPIA with PA Consulting

Join OneTrust and PA Consulting as we discuss what makes an effective PIA, best practices, and the benefits of automation.

September 21, 2023

Learn more


Privacy & Data Governance

Privacy in practice for data mapping: With PA Consulting and Syngenta

Join OneTrust and panelists from PA Consulting and Syngenta as we explore practical ways to build an effective data mapping program, best practices, and the need for automation.

September 14, 2023

Learn more