GDPR data access portal

Logging into the GDPR data access portal

By default, the end user (subject) can log into the GDPR data access portal by accessing its public URL. For example, if your public URL is https://datahub-subscription_id.domain.com the data access portal URL should be https://gdpr-dap-subscription_id.domain.com

You can find the public URL of your GDPR platform by navigating to the "GDPR data access portal" section on the left hand side of the management studion and clicking on the "Network" tab. Under the heading "Data Access Portal backend" you can find the public URL of the GDPR data access portal. It will look something like this:

https://gdpr-dap-subscription_id.sesam.cloud

When accessing this page the user must first identify themselves by logging on using a predefined credential such as email or mobile phone number. After doing this, the user will be sent a one-time passcode to be used to log in. This pass code will expire when the user ends their session or after a certain idle time. If the session expires the user has to log on again.

After having logged in the first time, the user can either send a request for their data or they can request that their data be deleted.

Making a data access request

A end user requesting data results in a GDPR access request being sent to the GDPR platform. This will trigger an email being sent to all unique contacts entered into the Data types and purposes setup Excel spreadsheet mentioned in the previous section.

The email contains a link to an Excel file that the recipient of the mail can download and fill out. Once filled out, it can then be uploaded through the GDPR platform and the contained data will be made available to the subject through the GDPR data access portal interface.

Note that the user that receives this email must also be registered as a user in the Sesam portal and be granted the "GDPR operations" role in the GDPR platform user-interface.

The data access request excel template

Each responsible person receiving the email about a data access request must be a member of the GDPR platform so they can log in to download the Excel template they need to fill out with the subject's data. They must also be granted the "GDPR operations" role in the GDPR platform membership user-interface.

The first sheet of the spreadsheet is called "DataSubject" and contains information about the subject of the data access request, such as "DataSubjectId" which should be a field containing a value that reflects the logged in user (for example email, phone number, customer number or similar). It also contains a timestamp for when the request was made (in the UTC time zone), in case multiple requests have been made one can choose the fill out the newest template.

Note that none of the fields in the first "DataSubject" field should be changed manually - they are needed as-is when uploading the completed spreadsheet.

The rest of the sheets in the spreadsheet is enumerated by data type, one per system in the "Data type" sheet of the configuration setup spreadsheet, see the previous section for details.

These are the sheets that must be filled out by the receiver of the template and uploaded when finished.

The data is assumed to be tabular and in a form where each row has a unique id. Thus each sheet contains a single, obligatory column id. The other columns must be defined by the person filling out the data and will typically be columns from a SQL database or some other tabular datasource.

After setting up the columns, the person must then extract the relevant data for the data subject somehow from the system(s) in a form suitable for entering into Excel and insert one row in the Excel sheet per tabular data row in the source data (the values must be in the correct sequence so the column names match the source data).

After all the sheets per data type has been extracted and filled in the spreadsheet, the resulting file can then be uploaded to the GDPR platform by navigating to the "GDPR" section on the left hand side and using the "Upload data request template" form under the "Access request" tab.

The result of this action is two-fold:

  • The data is encrypted using the data subjects public key, stored in the GDPR platform datahub and then sent to the GDPR data access portal (where it can only be decrypted by the data subject's private key, which is only stored on the subject's computer).
  • A notification email is sent to the subject that the requested data is available, if the subject has a registered email address.

Note that there is an half-an-hour delay between uploading data and the notification email being sent. This is to ensure that the GDPR data access portal has been fully updated with the uploaded data before notifying the subject.

If there is more than one spreadsheet to be filled out (for example if there are multiple data types with multiple different contact persons), one notification email is sent each time a new filled-out spreadsheet is uploaded.

Making a data deletion request

A data deletion request is treated by the GDPR platform as a revocation of all consents. It is essentially a special case of a change request as described in the previous section. For a manually updated GDPR platform it results in a notice being sent to the registered handlers of each data type, with a link to downloadable spreadsheet for the data types the handler should process. The handler then has to manually delete the data the revoked consent is linked to in the source systems, and then upload a updated spreadsheet for the data in the same way as with a ordinary access request.

Note that the "contact" that receives such an email must be registered as a user in the Sesam portal and be granted the "GDPR operations" role in the GDPR platform user-interface.

For an automated GDPR platform, it is possible to process deletion requests automatically by triggering deletions/changes directly in the source systems. See the GDPR platform developer documentation for information about automation and the APIs offered for implementing such a mechanism.