Data Subject Management

Managing your Data Subjects from "Cradle to Grave" is an essential element of Data Protection - it also presents one of the largest challenges to just about all businesses. Using our unique features to track and trace Data Subjects from the moment you develop the strategy to gather them, such as trade shows, web subscriptions, etc. right through to the eventual disposal based on record management principles. The GDPMS will tell you where they are and what their data has been used for - essential information to effectively manage Data Subject Requests.

Singularly one of the most complex achievements of any business will be knowing where it's Data Subjects have come from, what processes they are part of and how each data subject is classified. Not withstanding the fact that Data Protection Laws mostly operate retrospectively, that is, you must be able to demonstrate when a Data Subject gave you consent, or what the legitimacy of processing is, but you must also provide evidence of such consent, for all Data Subjects regardless of when they became Data Subjects.

Couple this, with the various "Rights of Data Subjects". There are more regions than the EU that have extra-territorial reach. So running foul of a regulator regarding a Data Subjects rights is in most cases deemed one of the more serious "harms" that a Data Subject may suffer.

You must know exactly what process you obtained the Personal Data of a Data Subject, when and where you came about the Personal Data and what you have done with that Personal Data since you acquired it.

Thankfully, the GDPMS provides all the tools to allow you to perform the initial audit to identify these locations and pockets of Personal Data, it allows you to identify the applications and processes in play on the Personal Data, and allows you to create the appropriate flows with checks and balances to ensure that the collection, process and use are all legitimate, legal and recorded.

Once that operation is complete, the tools include the generation of appropriate "Collection Notices" both at the time of Personal Data collection and retrospectively (seeking consent again) if there is no clear evidence of original consent discovered.

Form this point you will be able to simply and effectively interest with your Data Subjects and allow them to exercise their rights appropriately based on the means and method of acquisition and the processes and purposes for Personal Data use - in a controlled manner.

Each Data Subject that makes a Data Subject Request (DSR) will also launch a workflow process to ensure that the information or request is managed within the time frame allocated by the appropriate laws relevant to the Data Subject and their region. This includes the business involvement in locating or providing the appropriate personal data in response. There are rules for automatically seeking to confirm the identity of the data subject, and a timer to ensure that any delays caused by the data subject waiting on responses, is recorded and becomes part of the process and sequence of recorded events associated with the request.

With more than 20 automated templates ready to spring into action and a fully automated process that addresses each data subject concern in a systematic manner, ensures that you will be able to effectively manage your data subject requests as and when they make them in a timely and professional manner, regardless of the volume.

To top this superb functionality off, there is a fee register and Data Subject Request History register, that ensures that multiple Data Subject Requests are billable to compensate for administrative overhead in dealing with each request.

Our pool of qualified vDPOs are ready to assist you deal with and manage large volumes of Data Subject Requests if you require assistance. We can also provide advise and support regarding new laws that are enacted in regions that your business operates.

Be the First to Know... Visit & Subscribe to our BLOG

Contact Us

This form is for general inquiries. If you are emailing about an existing case regarding a client that we represent, please reply to any of the email communications that you may have received from us about your matter. If you want to lodge a data subject request with a client that we represent, please visit the Data Subject Request form. You will need to know the Membership ID of the company that you would like to service your request. This information must be published on the contact page of our members website and in their Privacy Policy or Collection Statement.

If you wish to lodge a Data Subject Request regarding our service, our GDPMS ID is UK440000. Only use this code if the request is to be handled by us, that is information we have about you. If you would like to read our Privacy Policy and Collection Statement.










Maizieres Les Metz


Cirie TO



United Kingdom

71-75 Shelton Street

Covent Garden


+44 20 7442-5785

(207) 442-5785

United States

Suite 3377

304 S. Jones BLVD

Las Vegas NV 89107

+1 85 5577-8682

(US/Canada Toll-Free)








Full Service Regions


PO Box 834


NSW 2057

+61 4 6621-2726

(04) 6621-2726

Collection Statement & Privacy PolicyWebsite Cookie Policy | Support Desk

© 2010 - 2019 SPTG LLC, GDPR Forensic Limited. All rights reserved.

Data Protection*Services and are Trademarks of GDPR Forensic Limited (UK) and associated companies.

All prices on this website are EUR/EURO "€" unless otherwise stated.

The star logo and the DPO and CA seals are Trademarks of GDPR Forensic Limited,

unauthorised use is prohibited.