Information Technology
GDPR Data Subject Request
Compliant GDPR Data Subject Access Request workflow: identity verification, request categorization, data discovery across systems, legal review, deletion handling, and audit trail archival.
16steps
17connections
Process steps
1
Verify Requester Identity
Privacy Officer · OneTrust
2
Reject and Notify Requester
Privacy Officer · Secure email
3
Categorize Request Type
Privacy Officer · OneTrust
4
Notify Stakeholders (Engineering and Legal)
Privacy Officer · Slack + Jira
5
Data Discovery Across Systems
Engineering · BigID + custom scripts
6
Compile Personal Data Report
Privacy Officer · OneTrust
7
Legal Review of Response
Legal Counsel · OneTrust
8
Apply Redactions if Needed
Privacy Officer · OneTrust
9
Execute Deletion Workflow
Engineering · BigID + custom scripts
10
Confirmation of Deletion Captured
Privacy Officer · Audit log
11
Send Response to Data Subject
Privacy Officer · Secure portal
12
Audit Trail Archived
Privacy Officer · OneTrust
Related templates
IT Incident Management
ITIL-based incident management from detection to post-mortem.
Release Management
Software release management from planning through deployment to production.
ISO 27001 Quarterly Access Review
ISO 27001 / SOC 2 quarterly user access review: identity inventory, manager attestation, privileged access review, SoD conflict analysis, excess access revocation, and audit-ready evidence archival.
Need a custom process?
Upload any document (meeting notes, SOPs, emails) and LucidFlow's AI will generate a BPMN diagram automatically.
Try for free