Logging a new data subject request (DSR)
A Data Subject Request (DSR) is any request made by an individual exercising their rights under UK GDPR Articles 15–21. This includes Subject Access Requests (SARs), erasure requests, restriction requests, portability requests, and objection requests. Each must be logged and tracked.
How to log a new request
- 1 Go to Dashboard → Data Subject Rights.
- 2 Click + New Request (bottom right).
- 3 Select the request type: Article 15 (Access/SAR), Article 17 (Erasure), Article 18 (Restriction), Article 20 (Portability), or Article 21 (Objection).
- 4 Enter the requestor's full name and email address.
- 5 Set the Date Received — this starts the statutory deadline clock.
- 6 Enter any specific details about the request (e.g. what data they are asking for, which accounts or records).
- 7 Click Save.
Accepting requests made verbally or by phone
Data subjects can make requests verbally, in writing, by email, or via social media. Log all requests regardless of how they are received. For verbal requests, note the date you received it and the channel (e.g. "received by phone call on [date]") in the internal notes field.
You do not need to verify a requestor's identity before starting the clock. If you need to verify identity (e.g. for a large volume of sensitive data), you should do so promptly — the clock keeps running while you verify.
Requests received through other channels
If a request comes in by email, letter, or social media, log it in Folelse immediately and attach a copy of the request to the record. This creates an audit trail showing you received it and when you began processing it.
Need more help with this?
Contact support