GDPR and Data Subject Request flow

Article 12 GDPR contains most of the data subject request flow. It requires that data controller to:

• Make easy exercising the rights for data subjects (authomatic setting in user's page on a website can be an example, or unsubscribe bottom);
• Provide on a request as soon as possible and within one month from the request.
• Allow electronic means as form of exercise data subjects rights instead of other means (i.e. postmail)
• Remember to illustrate in your privacy notice how to exercise data subjects right. 

The responsibility for complying with data subject rights is on the data controller and note that fines for noncompliance are the highest (up to 20 million Euro or 4% annual turnover if higher). Therefore, you must ensure that your staff is trained in complying with data subject rights.

You should set rules in your internal procedures on data subject rights. Here you can find some useful templates:

GDPR Consent & Data Subject Rights Toolkit: https://advisera.com/eugdpracademy/eu-gdpr-consent-data-subject-rights-toolkit/ 

Here you can find the free EU GDPR Data Subject Access Request Flowchart: https://info.advisera.com/eugdpracademy/free-download/eu-gdpr-data-subject-access-request-flowchart 

Here is the text of the Article 12 from GDPR: https://advisera.com/eugdpracademy/gdpr/transparent-information-communication-and-modalities-for-the-exercise-of-the-rights-of-the-data-subject/  

You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//