Learn about subject rights requests

In accordance with certain privacy regulations around the world, individuals (or data subjects) may make requests to review or manage the personal data about themselves that companies have collected. These requests are sometimes also referred to as data subject requests (DSRs), data subject access requests (DSARs), or consumer rights requests. For companies that store large amounts of information, finding the relevant data can be a formidable task.

Privacy management can help you handle these inquiries through subject rights requests. It provides workflow, automation, and collaboration capabilities for helping you search for subject data, review your findings, collect the appropriate files, and produce reports.

How privacy management supports subject rights request fulfillment

The subject rights request cycle begins with an individual’s request to your organization. Once received, you can use privacy management’s capabilities to gather that data, collaborate, review, and create reports. You can then inform the data subject of your findings and take any other actions needed outside of privacy management to fulfill the request, such as deletion of data. To help manage and automate your workflows along the way, you can also utilize privacy management's integrated Power Automate templates.

Workflow for subject rights requests.

Create requests and collect data

Privacy management provides powerful search options for finding data related to your data subject in the content your organization stores in Microsoft 365. It also helps you prioritize items to review within the data you collect for these requests. Privacy management is aware of Microsoft Information Protection sensitivity labels, which indicate content that is potentially confidential and may necessitate special review, and it flags items with these labels. In addition, privacy management can detect and flag items that may contain the data of multiple people, where you may need to redact content prior to supplying it to the data subject.

To learn more, see Create a subject rights request.

Data matching

With data matching, you can enable privacy management to identify data subjects based on exact supplied data values. Uploading information of this type can help increase the accuracy of locating content, and it simplifies the need to supply fields manually during subject rights request creation. It also provides context within subject rights requests and for the Overview tile that showcases your items with the most data subject content. To learn more, see Manage data matching.

Review data and collaborate on requests

After data has been collected, you can evaluate the results, select the most relevant items to include in your reports and exports, and make any necessary redactions. This can be accomplished collaboratively between your team members within the privacy management pipeline. To learn more, see Review and collaborate on subject rights requests.

Fulfill requests

Privacy management gives you tools to create reports and collect files to send back to your data subjects. To learn more, see Manage subject rights requests exports and fulfill requests.

Automate tasks

You can create and automate workflow processes within privacy management with built-in Power Automate templates. These templates support tasks like filing tickets in ServiceNow or setting up calendar invites. To learn more, see Automate subject rights request tasks.

Privacy management legal disclaimer