TODO.LAW™ DPO CENTRAL
DocsSign In

DSAR Management

Handle data subject access requests from submission to completion. Track SLA deadlines, assign tasks to your team, and provide a public portal for data subjects to submit requests.

Request Lifecycle

Every DSAR moves through a defined lifecycle with automatic SLA tracking. The system monitors deadlines and alerts your team when action is needed.

1

Submitted

Request received

2

Identity Check

Verify data subject

3

In Progress

Processing request

4

Review

QA before delivery

5

Completed

Response delivered

SUBMITTEDIDENTITY PENDINGIN PROGRESSON HOLDCOMPLETEDREJECTED

Request Types

DPO Central supports all GDPR data subject rights as request types.

ACCESS

Right to access personal data held by the organization (Art. 15)

ERASURE

Right to be forgotten - deletion of personal data (Art. 17)

RECTIFICATION

Right to correct inaccurate personal data (Art. 16)

PORTABILITY

Right to receive data in a machine-readable format (Art. 20)

OBJECTION

Right to object to processing of personal data (Art. 21)

RESTRICTION

Right to restrict processing of personal data (Art. 18)

Task Management

Break down each DSAR into actionable tasks and assign them to team members. Track progress, add notes, and ensure nothing falls through the cracks.

Example Tasks for an Access Request

Verify identity of data subjectPrivacy Officer
Search CRM for subject recordsIT Team
Search email archivesIT Team
Compile and review data packagePrivacy Officer
Redact third-party dataLegal
Deliver response to data subjectPrivacy Officer

SLA Tracking

The system automatically calculates SLA deadlines based on the request type and your configured response periods. Visual indicators show remaining time and alert you when deadlines approach.

30

days standard

60

days extended

72h

breach notification

Public Portal

Give data subjects a dedicated portal to submit requests. The portal is customizable with your organization's branding and generates a shareable link you can add to your privacy policy.

Portal URL

https://dpocentral.todo.law/dsar/your-org-slug

Share this URL in your privacy policy so data subjects can submit requests directly. The portal supports all request types and collects identity verification information.

Intake Form Configuration

Customize which fields appear on your public DSAR intake form. Configure required vs. optional fields, add custom questions, and set automatic routing rules based on request type.

Processing a DSAR Request

1

Receive Request

System

A data subject submits a request through the public portal or you create one manually in the dashboard.

2

Verify Identity

Privacy Officer

Confirm the identity of the data subject. Update the request status to reflect the verification outcome.

  • Request additional ID documents if needed
  • Mark identity as verified or rejected
3

Create and Assign Tasks

Privacy Officer

Break the request into tasks and assign them to the relevant team members.

4

Collect and Review Data

Team

Team members search systems, compile data, and upload findings. The privacy officer reviews for completeness.

5

Deliver Response

Privacy Officer

Send the final response to the data subject and mark the request as completed.