Skip to main content

Capturing and Tracking Requests using Request Maintenance

Paige Freeman
  • Updated

Staff can use ThreeSixty to capture different types of requests for data subjects. The following types of requests can be captured and tracked using ThreeSixty:

  • Data Inquiry & Export
  • Right to Be Forgotten
  • Manual

The Request Maintenance screen and the Privacy Consent and Requests page on the constituent record are used to capture any request related to GDPR. For any GDPR-related request, there is a compliance period of 30 days. The new screens allow you to track requests so that you can resolve requests within the 30-day window.

Access to the Request Maintenance page and the Request Maintenance section on the Privacy Consent and Requests page is controlled by the CRM360.RequestMaintenance security application.

To access the Request Maintenance page:

  1. From the CRM Central page, select Manage Privacy Requests.
    The Request Maintenance search screen displays, as shown below.

To create and track a new GDPR Activity:

  1. From the Request Maintenance search screen, select +New Activity.
    Alternatively, from the Privacy Consent and Requests page on the constituent record, select +New Activity.
    The Add Activity Request Management page displays, as shown below.
  2. Search for and select the appropriate Constituent, if necessary.
    The constituent's name, primary email, primary phone, and primary address display.
  3. From the Request Type drop-down, select the request type.
    The options displayed here are controlled by the CUS system type GDPR_ACTIVITY. By default, there are three different options to select for GDPR Activity: Manual, Data Inquiry, and Right to forget.
    1. Select Manual if you want to track a manual request; there is no logic associated with this system type. This option allows you to enter a manual activity and save.
    2. Select Data Inquiry if you are tracking a Data Inquiry request. One of a data subject's rights according to the GDPR is they can request that an organization send them a list of all the data that has been collected about them.
    3. Select Right to forget if you are tracking a request to be forgotten. One of a data subject's rights according to the GDPR is they can request that an organization anonymize their personal information.
  4. Enter any relevant Comments and then Save.

To search for and edit a previously created GDPR Activity:

Once the activity has been saved, depending on the Request Type you chose, different options will become available.

  1. From the Request Maintenance search screen, use the search fields to find the appropriate Activity record.
    1. Enter the Activity ID if it is known.
      This is the system generated ID attached to each activity record.
    2. Select a Activity type from the drop-down.
      The options displayed here are controlled by the CUS system type GDPR_ACTIVITY.
    3. Enter the constituent's Name if it is known.
    4. Enter the Constituent ID if it is known.
    5. Select "Yes" from the Resolved drop-down to see only records that are resolved, or "No" to see only records that are not resolved.
  2. Open a record for edit from the grid by selecting the edit pencil.
  3. The record opens to the Edit Activity Request Management screen. Depending on the Request Type of the record, different options are available.
    1. If the Request Type is Data Inquiry, a new option will display: Generate Data Inquiry Report. Select this button to display a dynamic report with all of the data related to the subject.

      The Resolved checkbox in the Resolution section of the page is also now available for selection. Toggle to Yes  to mark the request as resolved; the Resolved Date and Resolved By fields will default to the system date and the logged in user.
    2. If the Request Type is Right to forget,  a new option will display: Validate Request and Anonymize Record. Select the button and a dialog will appear and ask you if you are sure you want to anonymize the constituent. If you are sure, click Yes.

      Once you choose to anonymize the record, you cannot undo this action. All information for the customer will be anonymized. Please validate the request and be sure you have the correct record before selecting to anonymize the record. A best practice would be to reach out to the customer to confirm they would like to remove all their information from the system before clicking the Anonymize Record button.
      1. Before anonymizing the record, the system will perform a series of validation checks to be sure that anonymization is possible. If any of these validations are met, the record will not be anonymized and the corresponding error message will display. Please see Right to Be Forgotten Validations for more information.
      2. You must resolve the error before you can anonymize the record. For example, in the case above, you could invoice the customer for their outstanding balance, and once it was paid, click to anonymize the record again. Your organization can decide how they would like to handle each validation and create processes and procedures to follow.
      3. If all validations are passed, the record is anonymized. The Resolved Date is set to the system date, the Resolved By is set to the logged in user, and the Resolved flag is checked.