The document discusses subject access requests under the GDPR and how content services can help comply. It provides an overview of key data subject rights like access, rectification, erasure. It then outlines the typical process for handling a subject access request, from submission to discovery, review, response generation and delivery. It also presents analytics and demonstration capabilities as well as other use cases for content services in GDPR compliance.
2. 1
2
4
3
GDPR, The Rights of the individual
Subject Access Request
Complaints to the ICO
How Can Content Services Help You
Comply?
Agenda
3. Objection
Art. 21
Data Portability
Art. 20
Automated Decision Making
Art. 22
Rectification
Art. 16
Erasure
Art. 17
Restriction of Processing
Art. 18
GDPR – The Rights of the
Individual
Data Subject Rights
Access
Art. 15
X
Controller can no longer
charge and must comply
without ‘undue delay’ and ‘at
least within one month’.
Controller must use
reasonable means to verify the
identity of the person making
the request. 3
4. Subject Access
Request
4
Access
Art. 15
Data controllers must on request provide a copy of the data undergoing processing and if this request is made
electronically then the information should be provided in a commonly used electronic form.
The purpose of
processing and the
categories of data
processed
The recipients or
categories of recipients
The retention period or
criteria used to
determine this period
The person’s rights of
rectification, erasure, to
restrict or object to
processing
Any automated decision making, including
information about the logic involved and the
significance and envisaged consequences of the
processing on the data subject
Information regarding the
source of the data
The right to lodge a complaint
with a supervisory authority
(ICO)
5. 2016-17
18,354
Complaints to the ICO
Source: ICO Annual Report 2017
2015-16
16,388
12%
60%
Subject Access
Request 42%
Inaccurate Data
11%
Right to prevent
processing 7%
7. Nuxeo
Nuxeo, developer of the leading, cloud-native
content services platform, is reinventing enterprise
content and digital asset management. Nuxeo is
fundamentally changing how people work with both
data and content to realize new value from digital
information.
7Digital Asset Management Document Management Case Management Knowledge Management
Founded in 2008
8 offices across Europe and US
8. 8
Subject Access
Request As a Customer, Employee,
Citizen, Student…
The rules are changing:
No longer chargeable
Reduced time to respond
Many organisations are
expecting an increase in
requests
9. Subject Access Request Processing
9
Discovery
Review RespondExceptions
Submit Capture
Bill Matt
Rachel
13. Information to identify
13
Personally Identifiable Information
Reason for collection and storage
Date originally recorded
Retention and Removal schedule
Access and use within organisation and externally
15. Review
15
Assigned for review
Attached cover letter
Sign-off for report production &
delivery
16. Generate response
for delivery
Generate report
Delivery based upon method
selected
Online Account for existing customers
Guest login for non-customers
Print for Face to Face or courier
delivery
16
19. Additional Capability
19
Identity verification processing
Retention, archiving and disposal
PII Detection
Management and attachment of additional
collateral
Information usage
Privacy Policy
Your rights
20. Other Use Cases
20
• GDPR Process & Compliance
Documentation
• Storage and Management of Customer
documents, correspondance and
reports
• Audit trail of updates and access
• Legal Artefacts