The GDPR app is a central platform for managing user data requests. When a user contacts your organisation with a query relating to their data, go to the Access Request tab on the app menu. From here you can view Access Requests that have been made and, more importantly, you can create a new Access Request.
How to create a new Access Request:
- Add Personas - Input the name of the person to whom the access request relates.
Note: You may have multiple personas for an individual if the identifiers are not linked. It is important to include each relevant persona to the access request to ensure you provide the user with the complete picture of their data.
- Preview to ensure ‘sanity’ of the data i.e. always make absolutely certain that the data relates to the individual for whom you are making the request.
- Choose an Access Request Name - This should be a short descriptive name of the request that will be displayed in the Actions Required log. This will be useful for tracing the request for auditing purposes.
- Add an Access PIN - Create a secure 10 digit PIN that the individual will need to input in order to access their data. Alternatively, this can be generated automatically by clicking
- Confirm and Create the new Access Request - Completing the request will take you to the list of Access Requests. Locate the request you just created using the descriptive request name. Take note of the credentials (unique URL and PIN) and pass these onto the user so that they can action the options they have in relation to their data.
Once an individual has initiated an Action Request in relation to their data, the request will be displayed in the “Actions Required” tab.
This tab is the overview of all information necessary for you to manage and track each request. The at-a-glance view includes the specific action that needs taking, when it was created, and a message from the user.
Action the request
From the Actions required tab there are three options for dealing with the request:
- View Access Request
- Send Email to HT2
A status message can also be added/edited to provide notes on the stage at which the request sits in the handling process for auditing purposes.
View Access Request
Going through to the Access Request will provide much more detailed insight into the user who initiated it, including their identifiers and attributes, a preview of their learning activity in the form of xAPI statements, and their request logs.
Note: The request logs display a record of each instance the user has accessed their data and the requests they have made. This ensures a comprehensive audit log with clarity around whether or not an action has been taken, and if so: when it was taken.
Send Email to HT2
This button will automatically generate and send an email to HT2 Labs with all the information necessary for them to action the request.
Marking the action as resolved takes the item out of the ‘Actions Required’ tab and moves it into the ‘Access Request Logs”. It will also mark the item as resolved on the individual user’s log.
Note: Use the Status Message to make notes relating to where the request is in the process, as well anything relevant for auditing.