Printed from CheckTick DSPT Compliance Documentation
Data Rights Request Tracker (SAR & Objection Log)
Policy: All requests must be responded to within 30 days. Responsible Officer: [SIRO Name] (DPO)
| Date Received | Requester Type | Request Type | Category | Status | Date Completed | Actions Taken |
|---|---|---|---|---|---|---|
| [YYYY-MM-DD] | User / Respondent | SAR / Objection / Erasure | Account / Survey | Open/Closed | [YYYY-MM-DD] | [ID Verified; Exported; Deleted; etc.] |
Internal Handling Instructions:
- Verification: Do not share any data until the requesterβs identity is verified (e.g., via the registered email address or account transaction ID).
- Clock Start: The 30-day statutory clock starts the day the request is received.
- Role Check: - If Account Data: Handle as the Data Controller.
- If Survey/Patient Data: Immediately notify the relevant Customer (Data Controller). We act as the Processor to fulfill their instructions.
- Final Review: The DPO must review the response before it is sent to ensure no third-party PII is accidentally disclosed.