Revoke DPO Portal Guide

For Data Controllers and Privacy Teams

Product Information and Onboarding Guide

DPO Portal description

This guide is called “DPO Portal Guide” for ease of reference for our users. The guide is to support the user(s) of our data management portal, the Revoke DPO Portal.

We appreciate that for some organisations a formal “DPO” does not need to be appointed and in some cases, an alternative description or job title is given to the person who is responsible for managing data protection requests from data subjects e.g. Data Protection Manager or Leader, Privacy Leader etc.

While this person can co-ordinate the activities of the data protection function within an organisation, it is the ultimate responsibility of the data controller to ensure that its organisation operates in compliance with the relevant data protection law.

INTRODUCTION

Thank you for engaging with Revoke. We have designed both an app and a platform focused on dramatically reducing the time and effort it can take for Data Controllers and their Privacy Teams to fulfil GDPR requests. Our software utilises the highest security standards in communication technology and data storage to protect both you, the contact organisation and the data subject’s personal data. When data is imported into and stored in the Revoke platform it allows organisations to meet the regulations envisaged by GDPR Article 32 (and Recital 63) in the provision of a secure system to allow an individual to access and store their personal data.

Our services provide a robust process for verifying our users’ identities. Our systems capture the customer’s electronic signature and consent (where appropriate), which evidences a contractual agreement between Revoke and the user required under the EU law governing electronic identification – Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014. Any personal data processed by Revoke will be handled in accordance with our Privacy Policy.

Objectives of the Revoke DPO portal:

  • Secure and efficient SAR process for Data Controllers and their teams
  • Confidence in expertly verified ID
  • Automatic record and evidence of fulfilling GDPR obligations
  • Pro-active management of SAR requests
  • Easy task coordination for Privacy teams
  • API available to fast-track matching of SARs details to a company’s own database

Benefits of the Revoke DPO portal:

  • Efficient broker system between parties with military grade encryption; only the user who has requested their data will have access to it
  • An easy-to-navigate and intuitive platform
  • Straightforward response options embedded in requests sent, which allow Data Controllers or their teams to effectively manage requests
  • Additional features allow you to upload extra data or request more information to help verify users

ABOUT OUR COMPANY

The Revoke app (the “Service”) is operated by Revoke Limited (“Revoke”, “us”, “we”, or “our”) a company incorporated in Jersey and registered with the Jersey Financial Services Commission, Registration Number 124314.

The company’s head office and Registered Office is located at Floor One, Richmond House, 8 David Place, St. Helier, Jersey, Channel Islands, JE2 4TD.

Revoke Limited is registered as data controller with the Jersey Office of the Information Commissioner and its number is 61116.

Revoke Limited operates the websites www.revoke.com and www.atam.id.

TERMS AND CONDITIONS

We do not have any Terms & Conditions for our free services for organisations. We offer access to our Service, including the Data Protection Officer (DPO) Portal for the purpose of facilitating your response to data subject access requests.

Our DPO portal allows you to transfer the required information to the data subject in an encrypted and secure manner. Revoke can neither view nor modify any data transferred by you to the data subject through our Service.

Any personal data processed by Revoke is handled in accordance with our Privacy Policy and Security Policy.

If you have any questions, comments, or complaints about the service, we would like to hear from you:

Email: help@revoke.com

Phone: 0208 158 8902 (Monday-Friday excluding UK and Channel Island bank holidays 0830-1700)

CONTENTS

  1. DATA SUBJECT ACCESS REQUESTS
    1. HOW REVOKE ACTS ON BEHALF OF ITS USERS
    2. REQUESTS HEADER
    3. VERIFIED INFORMATION (FORMERLY KYC)
    4. EMAIL RESPONSE BUTTONS
    5. MANAGE REQUEST
    6. ACCESS PORTAL
    7. ACTIONS
    8. GET REQUESTS
    9. STO REQUESTS
  2. WHAT IS OUR DPO PORTAL?
    1. HOW DO WE SHARE INFORMATION?
  3. KEY GENERATION FOR ESSENTIAL AND PLUS PLANS
    1. WHY IS IT NECESSARY TO WAIT?
    2. ENCRYPTION PROCESS FLOW EXPLAINED
  4. WELCOME
  5. ESSENTIAL PLAN
    1. ESSENTIAL FEATURES
    2. DOCUMENT VISIBILITY
    3. EMAIL ADDRESS AND PHONE NUMBER
  6. PLUS PLAN
    1. REVOKE APP FOR BUSINESS
    2. VERIFICATION
    3. DPO PORTAL
    4. PLUS PORTAL SECTIONS
    5. ACTIONS ON THE REQUESTS
  7. AUTO RESPONSE
  8. TROUBLESHOOTING
    1. ACCESS DENIED
    2. OUTDATED BROWSER VERSION
    3. INVALID LINK
    4. REGISTRATION FAILED

1. DATA SUBJECT ACCESS REQUESTS

1.1. HOW REVOKE ACTS ON BEHALF OF ITS USERS

When our users create an account in the Revoke App, they are required to take a picture of themselves (‘selfie’), which is verified against their nationally issued photo ID using biometric technology.

Our systems capture the customer’s electronic signature and consent (where appropriate), which evidences a contractual agreement between Revoke and the user required under the EU law governing electronic identification – Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014.

Our users can send you requests from Revoke’s secure email address, requests@dataprotection.revoke.com, to either “Stop Marketing”, “Get Data” or “Delete Data”. The email request will let you know what type of request you have received; each request has a 3-letter prefix detailed below for easy reference:

TYPE OF REQUEST           REFERENCE PREFIX
Get Data Request          GET –
Stop Marketing Request    STO –
Deletion Request          DEL

1.2. REQUESTS HEADER

All requests will provide you with the user’s full name and the type of GDPR request you have received.

1.3. VERIFIED INFORMATION (FORMERLY KYC)

This is the verified information on the data subject that is available through either of the email response buttons. It can include any of the following, each of which is classified as either “Standard” or “Sensitive” data (explained in more detail in section 2.1. How Do We Share Information?):

  1. Primary email address (standard)
  2. All email addresses (standard)
  3. Primary phone number (standard)
  4. All phone numbers (standard)
  5. Current address (sensitive)
  6. All addresses (sensitive)
  7. IP address (standard)
  8. Identity document and selfie (sensitive)

1.4. EMAIL RESPONSE BUTTONS

The email templates for Subject Access Requests received on and after 28 July 2020 are different to those sent before and are explained here. To see the instructions for email templates sent before 28 July 2020 see section 1.7. Actions.

1.5. MANAGE REQUEST

Clicking on “Manage Request” will open a window where you’ll be able to view the subject’s data and respond to their request by either uploading data for a GET request, marking that you’ve removed them from your marketing list(s) for a STO request, marking that you’ve deleted their data for a DEL request or clicking “Reject” if you find you have no data on the subject (if you reject the request this will be applied to all other requests from that user). To view the subject’s data you have to click the blue button “View All” after which you will be prompted to enter a One-Time Code that will be sent to your DPO inbox shortly.

1.6. ACCESS PORTAL

Clicking “Access Portal” will open a window prompting you to “create a unique password” which will allow you to access the portal once a unique key has been generated to encrypt your communications (this can take up to 24 hours). If you’ve already created a unique password and your unique key has been generated then you can access the portal with your password. Once in the portal you can view the subject’s verified information as well as request consent to view the subject’s identity document if permitted for your company and request more information from the data subject such as account number etc if needed to complete their SAR. You can respond to their SAR in the portal and if you choose “Plus” this process is made faster by using the app’s QR code scanner feature.

1.7. ACTIONS

The email templates for Subject Access Requests received before 28 July 2020 are different to those sent thereafter and are explained here.

In the Actions section of the email there are three buttons per request type:

1.8. GET REQUESTS

Reject

If you believe you do not have any data on the subject this will direct you to a window where you can view the subject’s data (after clicking “View All” and entering the “One Time Code” sent to your email) and reject their request citing “no data”.

Reply & Complete

This will open a window which allows you to view the relevant data we hold on the subject (shown in the KYC section) to help you complete the request. However, to view this data you will have to click on the blue button “View All”, after which you will be prompted to enter a “One Time Code” which you will shortly receive in the same inbox where the SARs are sent. Once you have entered the code, the data subject’s data will be revealed to you. After you have checked your organisation’s database you can upload the data you have on the data subject and complete the request. If you do not have any data, however, you can click the red button “Reject”.

Request More Info

If you know that the data shown in the KYC section will not be sufficient for you to complete the request you can select this option which will open a window to access the DPO Portal asking you to “create a unique password” if you haven’t already done so. This unique password is used to encrypt your communication between yourself and the data subject and is how we ensure our highest security standards. Once you have accessed the Portal you can request more data from the data subject such as an account number, etc.

1.9. STO REQUESTS

Reject

If you do not have any data on the subject then you can reject the request citing “no data”.

Mark As Complete

This will open a window which allows you to view the relevant data we hold on the subject (shown in the KYC section) to help you complete the request. However, to view this data you will have to click on the blue button “View All”, after which you will be prompted to enter a “One Time Code” which you will shortly receive in the same inbox where the SARs are sent. Once you have entered the code, the data subject’s data will be revealed to you. After you have checked your organisation’s database and removed them from your marketing list(s) you can mark the request as complete. If you do not have any data, however, you can click the red button “Reject”.

Request More Info

If you know that the data shown in the KYC section will not be sufficient for you to complete the request you can select this option which will open a window to access the DPO Portal asking you to “create a unique password” if you haven’t already done so. This unique password is used to encrypt your communication between yourself and the data subject and is how we ensure our highest security standards. Once you have accessed the Portal you can request more data from the data subject such as an account number, etc.

NOTE: At the bottom of the request, you can see what additional information you can access when you log in to our DPO portal. The button “Access KYC Information” has the same hyperlink as “Request More Info”. You can find further information regarding the data provided in section 5.2.

2. WHAT IS OUR DPO PORTAL?

Once you have created a “Unique Password”, you will be asked to choose between our two current plans, “Essential” and “Plus”, both of which are free for organisations. Each plan connects to our portal and allows Data Controllers and their teams to safely and securely action requests (“Essential” offers limited features while “Plus” affords Data Controllers and their teams a greater range of functionality). The main difference between the two plans is that while “Essential” offers you the basic tools to deal with one request at a time, “Plus” gathers all the incoming requests into a dashboard table showing all key information and the status of each request. This is a practical feature for companies who receive a large number of Subject Access Requests. “Plus” also displays all processing statistics and allows other authorised members of your privacy team to use the portal.

NOTE: Our “Plus” plan needs to be used in conjunction with the Revoke App for security purposes. This topic will be explained in section 6.

2.1. HOW DO WE SHARE INFORMATION?

Sensitive and special category data is only held in our DPO portal; we do not send this data by email as email is simply not a secure way to transfer data. Sending data via email would mean that the data subject’s information could be compromised placing you both at risk. The DPO portal keeps the information secure and reduces the volume of personal information being sent via email and stored on various servers and other computer devices. We categorise the information shared by the data subject into two distinct levels of sensitivity.

  • Standard: includes personal information the data subject would be willing to share with a company via email whenever a request is made. This information includes email addresses and phone numbers. When the data subject is sharing such information, Revoke requires a one-time code to verify that the Data Controller has access to the mailbox. Once this is confirmed, the data is made available.
  • Sensitive: includes personal information which the data subject is sharing with a specific company. This includes legal documents and other information requested via the “Request More Info” feature. In this instance, the data subject would have consented for his or her personal information to be shared with a specific company only. To view such data requires the creation of a unique password.

2.2. WHICH PLAN SUITS YOU THE BEST?

“Essential” Benefits

  • It will allow you to manage one individual request at a time.
  • This is a practical choice if you have a small number of SARs in your inbox.

“Plus” Benefits

  • This plan allows you to manage multiple SARs.
  • Additional features in “Plus” include a dashboard which shows SAR metrics and pending requests.

3. KEY GENERATION FOR ESSENTIAL AND PLUS PLANS

Revoke needs to generate a Key before giving Data Controllers or their teams access to its platforms. This process can take up to 24 hours to be completed and is a fundamental step as it backs up the data in an offline vault affording the highest level of security. This process will only take place once you create a unique password.

3.1. WHY IS IT NECESSARY TO WAIT?

Any sensitive personal data the subject is sharing with a company is stored securely in a way that only the specified company can access. The data is encrypted with randomly generated cryptographic keys. Each company’s set of keys includes a public and a private key; the public key is used to encrypt data (ensuring the data is stored securely) and the private key is used to decrypt data (which provides secure access to the data). For additional security, the company’s private key is generated and stored on a device which is not connected to the internet (a cold storage computer), to mitigate any risk of data being compromised.

Because a company’s Data Controller needs access to the data subject’s personal information, the company’s private key is needed to access the data. During the Data Controller onboarding process, the company’s private key needs to be made accessible to the Data Controller. This process involves generating a separate keypair for the Data Controller and using the generated keys to encrypt the company’s private key, giving access to the Data Controller only. This process is completed using the cold storage device. The securely encrypted company private key is then made available to the Data Controller.

3.2. ENCRYPTION PROCESS FLOW EXPLAINED

  1. Revoke generates a keypair (public / private) for a company in an offline cold storage computer
  2. Company public key is exported and imported into the Revoke system
  3. Data Subject saves sensitive data which is encrypted with the company’s public key
  4. Data Controller begins the onboarding process to be able to view the data subject’s information; this involves generating a keypair (public / private) for the Data Controller
  5. The Data Controller’s public key is sent to Revoke
  6. Revoke staff export the Data Controller’s public key from the Revoke system and import it into the offline cold storage computer
  7. The offline cold storage computer encrypts the company’s private key (for the Data Controller’s relevant company) with the Data Controller’s public key
  8. Revoke staff export this updated encrypted company private key from the offline cold storage computer and import it into the Revoke system
  9. The Data Controller can now download the updated encrypted company private key and use this key on his/her device to decrypt the data subject’s information

In summary, 24 hours are needed due to the exporting of the company’s private key (encrypted with the Data Controller public key created on signup) as this is a manual process and cannot be automated since the keys are stored in an offline device with no external connection.
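The key-wrapping flow of sections 3.1 and 3.2, steps 1 to 9, as an added example for Node.js; it is not Revoke's code. The guide does not name its algorithms, so RSA-2048 with OAEP/SHA-256 wrapping a one-off AES-256-GCM key is an assumption, as are all function and field names.

```javascript
'use strict';
const crypto = require('node:crypto');

// Assumed algorithms (the guide names none): RSA-2048 with OAEP/SHA-256
// wraps a one-off AES-256-GCM key that encrypts the actual payload.
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const SAMPLE_RECORD = 'constructed sample: account number 0000-EXAMPLE';

function newKeypair() {
  return crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

// Encrypt `plaintext` so that only the holder of the matching private key can read it.
function sealTo(publicKeyPem, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return {
    wrappedKey: crypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, dataKey),
    iv, body, tag: cipher.getAuthTag(),
  };
}

// Reverse of sealTo; throws on a wrong private key or modified ciphertext.
function openWith(privateKeyPem, sealed) {
  const dataKey = crypto.privateDecrypt({ key: privateKeyPem, ...OAEP }, sealed.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.body), decipher.final()]);
}

function throws(fn) {
  try { fn(); return false; } catch (err) { return true; }
}

function runFlow() {
  // Steps 1-2: company keypair is created offline; only the public half is exported.
  const coldStorage = { company: newKeypair() };
  const platform = { companyPublicKey: coldStorage.company.publicKey };

  // Step 3: the data subject's sensitive data is stored encrypted to the company.
  platform.record = sealTo(platform.companyPublicKey, Buffer.from(SAMPLE_RECORD));

  // Steps 4-5: the Data Controller generates a keypair and sends the public half.
  const controller = newKeypair();
  platform.controllerPublicKey = controller.publicKey;

  // Steps 6-8: offline, the company private key is encrypted to the controller,
  // and only that wrapped form is imported back into the online platform.
  platform.wrappedCompanyKey = sealTo(
    platform.controllerPublicKey, Buffer.from(coldStorage.company.privateKey));

  // Step 9: the controller unwraps the company key on their device and decrypts.
  const companyPrivateKey = openWith(controller.privateKey, platform.wrappedCompanyKey).toString();
  const recovered = openWith(companyPrivateKey, platform.record).toString();

  // Checks: another keypair cannot unwrap, and altered ciphertext is rejected.
  const outsider = newKeypair();
  const tampered = { ...platform.record, body: Buffer.from(platform.record.body) };
  tampered.body[0] ^= 0x01;
  return {
    recovered,
    outsiderBlocked: throws(() => openWith(outsider.privateKey, platform.wrappedCompanyKey)),
    tamperDetected: throws(() => openWith(companyPrivateKey, tampered)),
    platformFields: Object.keys(platform).sort(),
  };
}

if (typeof module !== 'undefined' && require.main === module) console.log(runFlow());
```

The `platformFields` result lists everything the online side holds in this model: two public keys, the encrypted record and the wrapped company key, never a plaintext private key.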

4. WELCOME

Once the Key has been generated, you will receive an email notifying you that your registration process is complete. You will then be able to access the Revoke portal and action SARs sent to your company.

  1. Click on the link to proceed
  2. Insert the “Unique Password” you have created previously.
  3. Insert the one-time code that you will receive by email. This is a two-factor authentication process, which is essential as it guarantees that the individual who is about to enter the Revoke portal is authorised to act for your company.

5. ESSENTIAL PLAN

5.1. ESSENTIAL FEATURES

As mentioned earlier in the guide, “Essential” allows you to manage one request at a time. You will be able to see the basic information of each user including their name, email address and phone number.

  1. If the user has requested you retrieve their data, you can upload a file by clicking on this button.
  2. As a Data Controller, you are legally obliged to respond to customer SARs. If you decide to reject the request, you must specify the reason for this decision.
  3. If the information provided by the user is not enough for you to identify them sufficiently, you can always ask for more information.

5.2. DOCUMENT VISIBILITY

As proof of identity our users must provide a document (for example a Passport, driving licence or National Identity Card) legally issued by a recognised agency or government authority. Within the Revoke portal these images are blurred by default. If your company requires a clearer version of the pictures, you can send a request to the user by clicking on the ‘Request consent’ button.

5.3. EMAIL ADDRESS AND PHONE NUMBER

Underneath the Photo ID section, you will be able to see the user’s email address and his/her mobile number. The number is hidden by default; you can see this information by clicking on the corresponding “reveal” button.

6. PLUS PLAN

6.1. REVOKE APP FOR BUSINESS

If you have chosen this plan, you will need to verify your identification using the Revoke App. The process is relatively simple:

  • You must create a Business account
  • You must provide your Data Controller email account details
  • To verify your identity as the Data Controller you must provide your name and the email address (which must be your organisation’s dedicated Data Protection team email address)
  • We will also need proof of your identity

6.2. VERIFICATION

The App will prompt you to take a picture of your chosen photo ID document and verify this using a photo of yourself (selfie). Both forms of identification are reviewed using biometric technology to confirm the images match exactly.

You will receive an email to verify your Data Controller email address. Once completed we will then send you a link to login to our DPO portal.


Note: EMAIL NOT RECOGNISED

It is important that you use the same email address Revoke sent the SARs to, as it will be automatically associated with your company. If you attempt to add a different email, you will see the following message:

If the company changes its Data Controller contact email address you will need to ensure this is kept up to date on our platform. You can send any changes to this information by email to help@revoke.com and we will update it on your behalf.

6.3. DPO PORTAL

Once you have created your account, go to https://dpoportal.revoke.com/ on your computer and tap “Login to Revoke DPO Portal” on your mobile phone and then “Open QR Code Scanner” to scan the QR Code shown on your computer to gain access to the DPO portal.

This process takes a couple of minutes.

6.4. PLUS PORTAL SECTIONS

The “Plus” portal consists of three main sections. On the left-hand side of the screen you will see, “Dashboard”, “Requests” and “My Company”, and a hyperlink to Revoke’s Privacy Policy. In the middle of the screen the portal displays your dashboard information which can be configured to show whatever information you need depending on the data fields selected. The image shown underneath, for instance, is showing the requests. The third section, to the left of the screen, is a Search Filter; particularly helpful when the number of requests increases.

DASHBOARD

The dashboard helps you view the status of the requests we have sent on behalf of our customers. You can see the number of outstanding requests and the time remaining until the reporting deadline. (SARs reporting deadline can vary depending on your country/region and the applicable data protection law).

MY COMPANY

This section allows you to edit your company information. You can also add and manage the other members of your company’s data protection team.

REQUESTS

This section will show you a table with the full list of requests, basic information for each and the date it was received. From this section you can click on “Action” and fulfil the request.

SEARCH FILTER

As the list of requests increases, the search filter will become a useful tool to help you find all the information you require. You can filter the search by the request reference, the name of the Revoke Data Subject, his or her email addresses, the status of the request or the type of request, which would be either “Get Data”, “Stop Marketing” or a “Deletion Request”.

6.5. ACTIONS ON THE REQUESTS

In the “Requests” section, you will see a contents table with all the requests sent to your company. When you click on the word “Action”, it will open the request and show you the information to identify the Revoke Data Subject. You have three different options: (A) Upload data and complete, (B) Reject and (C) Request more info.

UPLOAD DATA AND COMPLETE

This action will show a pop-up window where you can either upload a file or leave a link that the user will receive via the App to get his/her data. Inserting additional notes for the Revoke customer to read is optional.

REJECT

To reject a Revoke Data Subject Request, it is necessary to provide a reason, which will be shown to our user via the app.

REQUEST MORE INFO

Whenever you need more information to fulfil the Revoke Data Subject Request, you can click on this option and select the type of information you require.

7. AUTO RESPONSE

If your company has a simple process to retrieve and delete cookies or an opt out function to stop marketing, we can add this link to our internal Revoke portal and automatically send the link to our Revoke customers should they wish to request you to Stop Marketing to them.

This functionality is provided using a dedicated API.

For information on API services please contact help@revoke.com.

8. TROUBLESHOOTING

8.1. ACCESS DENIED

The “Access Denied” message might appear when the security key has been compromised. If you see this message, please contact us by email: help@revoke.com

8.2. OUTDATED BROWSER VERSION

This message might appear due to the incompatibility between Revoke and the browser you are currently using. Bear in mind that Revoke supports the following browsers: IE11+, Firefox, Chrome, Brave and Safari. If you are already using one of these browsers, please make sure that it is updated. If any further issues on this matter persist, please contact help@revoke.com.

8.3. INVALID LINK

The link expires once the SAR has been completed (or rejected with a valid reason) by the Data Protection Officer. If you see this message it is because you are trying to access a SAR that has already been fulfilled.

8.4. REGISTRATION FAILED

As specified in the message itself, you will need to try to register again. Prolonged issues with registration should be reported to help@revoke.com.


Cyber Essentials Certified

We take security seriously which is why we’ve been assessed and certified for addressing cybersecurity effectively and mitigating the risk from Internet-based threats.