Subject Access Request checklist
Subject Access Requests & Verification
Individuals have a right to know what personal data is being held about them, how it is being processed, and for what purpose and how it is being shared with other organisations. You need to take steps to verify the user before releasing information to them. Normally it will be by logging into the User Home page, in which case their email address would be the method of validation.
Information The User Can See When Logged In
The individual can log in to their User Area and view their personal data such as name, address, email and contact numbers, their newsletter subscription status, a list of forms they have completed (which you can control whether to show if required, read more in this article under User Visibility Of Their Form Submissions) and the orders they have placed or are in the process of placing.
What To Do If A User Has Forgotten Their Password
The user can use the "Forgotten Password" program on the login screen to retrieve their password. If you need to do this for them, simply fill in their email address in the same way.
What To Do If A User Does Not Have A Password (Because They Have Been Imported)
If the user has been imported into the system e.g. for mailshot campaigns and therefore does not have a fully approved account, send them an invite which contains a password to login with their email address. First, check the wording of the invite is suitable via Page Manager system page “email_user_invite”. Select their record in User Manager and in the Status & Levels tab tick the box “Send invite email” then click Update and they will be sent an email with a password for them to be able to login and view their personal data.
How To Manually Print Their Information
In the case where someone has sent in a written request, after validating the user manually, you can send them a printed version of their user record by printing it via CTRL-P in the Edit User screen for their record.