At Revoke we care about helping people keep their data secure wherever they chose to store it. Often the whereabouts of data only becomes a real issue for people when their data has been misused or is subject to a data breach and causes distress or financial loss.
Revoke gives users a platform to manage the process of keeping their data safe and secure with those they chose to share it with.
This guide aims to give friendly support, advice, and tips to Privacy leads and their teams on how to use the Revoke Data Management Portal also referred to as the DM Portal Guide. The Portal has been designed to help Privacy Teams manage DSARs received from Revoke users.
We appreciate that depending on the location, size and legislation governing the Privacy function of a business, job titles in Data Protection/Privacy Teams vary. To harmonise the various job titles which include “Data Protection Officer” and “Chief Privacy Officer” we refer to these individuals throughout the guide as Privacy Leads or Teams.
We also acknowledge that for some organisations a formal “DPO” or “CPO” does not need to be appointed. While these individuals can coordinate the activities of the data protection function within an organisation, it is the ultimate responsibility of the data controller to ensure that an organisation operates in compliance with the applicable data protection law.
Firstly, thank you for engaging with Revoke. We designed and developed a data management platform to help dramatically reduce the time and effort it can take for data controllers and their Privacy Teams to fulfil data subject access requests (DSARs).
Our software utilises the highest security standards in communication technology and data storage to protect Privacy Leads, their Teams, their organisation and the data subject’s personal data. When data is imported into and stored in the Revoke platform organisations can be confident that they are complying with regulatory requirements in the provision of a secure system to allow an individual to access and store their personal data.
Revoke does not have any Terms & Conditions for free services provided to organisations. We offer access to our Service, including the DM Portal, for the purpose of facilitating responses to DSARs.
The DM Portal allows Privacy Teams to transfer the required information to the data subject in an encrypted and secure manner. Revoke can neither view nor modify any data transferred by an organisation to the data subject via our Service.
If after reading this guide there are any questions or comments about the Service, please send feedback to email@example.com or contact our business helplines:
UK – 0208 158 8902 *
US – (279) 3560049 *
* Both BST – Monday to Friday, 09:00 to 17:00 (Excluding the UK and Channel Island bank holidays)
Prior to sending any requests Revoke users must first verify their email address and digitally sign an eIDAS compatible “Letter of Authorisation” which evidences a contractual agreement between Revoke and the user. Some DSARs require more information about the data subject in which case Revoke will prompt the user to also verify their phone number and nationally issued photo ID using biometric technology before these requests are sent.
The “Letter of Authorisation” which Privacy Leads will see as a PDF document at the bottom of the DSAR email received includes the user’s digital signature and a list of the permissions they have granted for Revoke to act on their behalf.
Revoke DSARs will come from the email address: firstname.lastname@example.org with a request to either “Stop Marketing”, “Get Data” or “Delete Data”. Each request contains a unique identifier and is prefixed by a 3-letter code; for ease of reference these are:
|TYPE OF REQUEST||REFERENCE PREFIX|
|Get Data Request||GET –|
|Stop Marketing Request*||STO –|
|Deletion Request||DEL –|
*Under CCPA legislation, users can submit a “Stop Sharing” request instead of “Stop Marketing”.
All requests will provide Privacy teams with the data subject’s full name and the type of DSAR received:
Privacy Teams can access additional verified information by clicking on the link contained in the DSAR. The information included is classified as either “Standard” or “Sensitive” data; this classification is explained in more detail in section 3.1 How Do We Share Information?
All requests include two options: “Manage Request” and “Access Portal”.
Clicking on “Manage Request” will allow Privacy Teams to fulfill the DSAR without having to access the Portal and take them to the following screen:
Once the Privacy Team has received and entered the One Time Code, access will be given to view the Data Subject’s verified information.
Selecting “Access Portal” will open a window prompting the designated Privacy Team member to “create a unique password” which will allow them to access the Portal once a unique key has been generated to encrypt communications (this can take up to 24 hours but typically takes less than two hours if done during Revoke’s business hours).
If both a password and unique key has already been generated, the Privacy Team can access the Portal using their password.
By accessing the Portal Privacy Teams can get a complete view of the total requests they’ve received and respond to them one after the other without having to enter a One Time Code each time.
On top of seeing the Data Subject’s verified email address(es) and phone number(s) (which you can also see via the “Manage Request” button), the following options are uniquely available via the Portal:
The Portal sign-up process varies depending on the plan chosen. The two plans currently available to organisations are Essential and Plus which is explained in section 4 Which Plan Best Suits Your Organisation?
Once Privacy team members have created a “Unique Password”, they will be asked to choose between the two current plans available: “Essential” and “Plus”. Both are free for organisations. Each plan connects to the DM portal and allows Privacy teams to safely and securely action requests, (“Essential” offers limited features while “Plus” affords a greater range of functionality). The main difference between the two plans is that while “Essential” offers basic tools to deal with one request at a time, “Plus” gathers all the incoming requests into a dashboard table showing all key information and the status of each request. This is a practical feature for companies who receive a large number of Subject Access Requests. “Plus” also displays all processing statistics and allows other authorised members of a privacy team to use the portal.
Sensitive and special category data is only held in Revoke’s DM portal; this data is never sent by email as email is simply not a secure way to transfer data. Sending data via email would mean that the data subject’s information could be compromised placing both the user and the company at risk. Using the DM portal keeps the information secure and reduces the volume of personal information being sent via email and stored on various servers and other computer devices. Revoke categorises the information shared by the data subject into two distinct levels of sensitivity.
Includes personal information the data subject would be willing to share with a company via email whenever a request is made. This information includes email addresses and phone numbers. When the data subject is sharing such information, Revoke requires a one-time code to verify that the Privacy team member has access to the mailbox. Once this is confirmed, the data is made available.
Includes personal information which the data subject is sharing with a specific company. This includes legal documents and other information requested via the “Request More Info” feature. In this instance, the data subject would have consented for his or her personal information to be shared with the specified company. To view Sensitive data requires the Privacy team member to create a unique password.
Revoke needs to generate a Key before giving data controllers or their Privacy Teams access to the Portal. This process can take up to 24 hours to be completed and is a fundamental step as it backs up the data in an offline vault affording the highest level of security and privacy. This process will only take place once a Privacy Team lead has created a unique password.
Any sensitive personal data the subject is sharing with a company is stored securely in a way that only the specified company can access. The data is encrypted with randomly generated cryptographic keys. Each company’s set of keys includes a public and a private key; the public key is used to encrypt data, (ensuring the data is stored securely) and the private key is used to decrypt data (which provides secure access to the data). For additional security, the company’s private key is generated and stored on a device which is not connected to the internet, (a cold storage computer) to mitigate any risk of data being compromised. As a manual process this can take up to 24 hours depending on when the request was made, but every effort is made to ensure keys are generated as quickly as possible.
As a data controller or company Privacy team member needs access to the data subject’s personal information, the company’s private key is needed to access the data. During the onboarding process, the company’s private key needs to be made accessible to the Privacy team member. This process involves generating a separate keypair for the company and using the generated keys to encrypt the company’s private key, giving access to the Privacy team only. This process is completed using a cold storage device. The securely encrypted company private key is then made available to the Privacy team.
In summary, 24 hours are needed due to the exporting of the company’s private key (encrypted with the data controller public key created on signup) as this is a manual process and cannot be automated as the keys are stored in an offline device with no external connection.
Once the Key has been generated, your Privacy Lead will receive an email confirming sign-up is complete.
Insert the unique password previously created.
A One Time Code email will then be sent to the primary Privacy Team email address. This is a two-factor authentication (2FA) process essential to guaranteeing that the Privacy Team member about to access the Portal is authorised to act on behalf of the organisation.
Insert the One Time Code found in the email to gain access to the Portal. The Privacy Lead will then be able to action DSARs sent to the company.
Please note that this plan only allows businesses to manage one request at a time.
By clicking on this button, Privacy Teams can complete and close requests. This option also allows Privacy Teams to add text which will be directly delivered to the Data Subject and tick the checkbox if you wish to receive a receipt confirming that the DSAR has been completed.
If the data provided by the data subject does not match any of your records simply reject the DSAR providing the reason and tick the checkbox if you wish to receive a receipt confirming that the DSAR has been completed.
When the information provided by the user is not sufficient for your organisation to find a match in your records additional information from the user can be requested by clicking on this button. As in the previous sections, a receipt for this action can be selected.
Depending on the type of organisation, the DSAR can include the Data Subject’s email address(es) and/or phone number(s). This information is hidden by default, but Privacy Teams can view this data by simply clicking “reveal”.
In order to send DSARs to some organisations such as Banks and Health Institutions, Data Subjects must provide proof of identity with government-issued Photo ID (eg passport, driving licence or national identity card). These images are stored blurred by default and if an organisation requires these documents, a request for access can be sent to the Data Subject by clicking on the “REQUEST CONSENT” button.
This section shows Privacy Teams the deadline to respond to the DSAR according to the legislation the organisation must comply with. Under Article 12 of the GDPR for instance, a data controller must respond to a DSAR “without undue delay and in any event within one month of receipt of the request.” This can be extended by a further two months if the request is complex, or a number of requests have been made by the Data Subject. As for CCPA, organisations must confirm receipt of a request within 10 business days and respond to the request within 45 calendar days from the time the request was received.
The Essential Portal only allows an organisation to manage one request at a time so if your organisation receives a high volume of DSARs an upgrade to Plus is recommended. Upgrading to Plus is free.
Whether your business has chosen this plan from the DSAR email or opted to upgrade from Essential, the Privacy Team Lead will be asked to register and to provide two email addresses. One would need to be the official company DPO or CPO email address and the other would be the Privacy Team Lead’s individual work email address. Once you have finished the registration process, the members of your Privacy Team would be able to create their own accounts to access the Portal. For these accounts to become active you must verify and authorise their creation first.
Confirmation will be sent to the Privacy Team member’s individual work email address with a One Time Code as well as a link to complete the registration process. The One Time Code verifies the individual email address and is needed to allow Privacy Team members to create a unique password.
Revoke will then send an email to the organisation’s official DPO or CPO email so they may confirm that the person with the individual work email address has the authority to respond to requests on their behalf.
After clicking “here” the following screen will be displayed asking to confirm access:
Clicking “CONFIRM” will allow the Privacy Team member access to the Portal (providing key generation is complete).
If this is the first time attempting to access the Portal a unique key will have to be generated with which to securely encrypt communications between the Privacy Team and the Data Subjects.
This process can take up to 24 hours but only needs to be done once. All subsequent Privacy Team members who create a personal log-in to the Portal will be able to access the Portal after confirmation is granted.
Once key generation has been completed Privacy Team members are able to access the Portal and start responding to DSARs.
The dashboard provides helpful statistics including the number of requests that are pending, completed or rejected.
This section shows a table of all requests including the basic information for each and the date the DSAR was received. Requests can be actioned from this screen by clicking “Action”.
The information included when responding to a request will either be email address(es), phone number(s), or both. This information is hidden by default but can be seen by simply clicking on the word “reveal”.
For Revoke users to send data requests to some organisations such as Banks or Health Institutions, they must provide further proof of identity with additional government issued documentation (for example a Passport, driving licence or National Identity Card).
These images are stored blurred by default in the Portal. If a company requires visibility of these documents a request can be sent to the Data Subject by clicking the “REQUEST CONSENT” button. Underneath the Photo ID section, the Data Subject’s email address(es), and phone number(s) will be visible. The number is hidden by default but this information can be viewed by clicking on “reveal”.
Once the Data Subject’s data has been matched with company records, you will be able to either:
A pop-up window will appear where Privacy Team members can either upload a file or leave a link the user will receive via the App to get their data. Inserting additional notes for the Data Subject is optional.
To reject a Data Subject’s request we ask that Privacy Teams select a reason so the Data Subject understands why their request was rejected.
If further information is required for Privacy Teams to fulfil the DSAR, simply click on this option and select the type of information required.
Company profiles can be completed/updated here.
If the number of requests increases, the search filter becomes a useful tool to help locate all the information Privacy Teams require. Searches can be filtered by the request reference, the name of the Data Subject, their email address(es), the status of the request, or the type of request which would be either “Get Data”, “Stop Marketing*” or a “Deletion Request”.
*Stop Sharing under CCPA legislation
If the organisation you work for has subsidiaries that share the same DPO or CPO email address, Privacy Teams can switch accounts to manage these requests.
The “Access Denied” message might appear when the security key has been compromised. If this message appears please contact us by email at email@example.com
This message might appear if there is an incompatibility between Revoke and the browser your organisation uses. Revoke supports the following browsers:
If the company uses one of these browsers, please make sure that it is updated. If there are further issues please contact us by email at firstname.lastname@example.org
A link expires once the DSAR has been completed (or rejected with a valid reason) by the Privacy Team. If this message appears it is because the DSAR has already been completed.
If this message appears it will be necessary to register again. Prolonged issues with Registration should be reported to email@example.com
We hope that this Guide to our Data Management Portal helps Privacy Teams execute DSARs from Revoke Data Subjects more easily.
If there are any suggestions on ways we may improve the service, please email firstname.lastname@example.org
Revoke Support Team
We take security seriously which is why we’ve been assessed and certified for addressing cybersecurity effectively and mitigating the risk from Internet-based threats.