ConsentProof Verify a receipt · تحقق من إيصال Start free · ابدأ مجاناً

Data subject rights operations تشغيل حقوق أصحاب البيانات

الخلاصة بالعربية طلبات أصحاب البيانات — اطلاع، تصحيح، محو — تصل من ثلاث قنوات وتصب في طابور واحد بسجل تدقيق واحد. عدّاد الثلاثين يوماً يُختم في قاعدة البيانات لحظة فتح الطلب، وتقرؤه أربع واجهات: طابور المشغّل، وصفحة «طلباتي» عند العميل بنفس الموعد الذي سيحتج به، ودرجة الجاهزية التي تنخفض عند التأخر، والويب هوكس. والرفض الصامت غير ممكن بنيوياً: رفض بلا سبب مكتوب يظهر للعميل لا يقبله النظام.

How data-subject requests flow through the system, who does what, and how the 30-day clock is enforced rather than remembered.

How requests arrive

ChannelIdentity proof
Widget rights center on the merchant's site/appmerchant-minted subject token (their login)
Hosted rights page /privacy/<org>/one-time code to the phone/email on file
Merchant's own support channel → API/dashboardthe merchant's verification, on their responsibility

All three converge on the same request pipeline with the same audit trail.

Request types

TypeWhat fulfillment means
Accessa bundle of identifiers, complete consent history, and receipt references. Self-serve download exists in the rights center; a formal request creates a tracked item for the operator
Rectificationsubject proposes corrected phone/email; operator reviews and executes from the DSAR queue; identifier copy updates and the completion fires a webhook
ErasurePII destroyed, legally-required evidence retained anonymized — exact scope on the retention page

The 30-day clock

Every request is stamped with sla_deadline = created + 30 days, at creation, in the database — not in anyone's calendar. Four surfaces read that one fact: the dashboard queue (countdown, overdue first), the subject's "طلباتي" view (same deadline they'd cite in a complaint), the compliance score (overdue items cut it), and webhooks (dsar.requested / dsar.completed) for your own ticketing.

Rejections

An operator rejecting a request must record a reason, and that reason is shown to the subject in their requests view. Silent rejection is not representable in the system.

Operator's checklist

  1. Watch the DSAR queue — or wire dsar.requested into your ticketing.
  2. Rectification: verify the proposed value looks legitimate, execute from the queue.
  3. Erasure: confirm no legal hold applies, execute — the action and its actor land in the audit log.
  4. Never answer a rights request through channels that bypass the queue: the queue is your Article-30-style record of having answered in time.