Data Source Owner (DSO) Workflow

DSO Response Process

After clicking on Share Information in the email sent to the DSO, the DSO has to provide a response through three main steps:

1. Data Validation

2. Additional Data

3. Confirmation

On the left side of the landing page, the DSO can view details about the Ticket and click on ‘View Request' to access the DSR form, or 'Entity 360' to obtain a comprehensive overview of the data source related to the data subject.

1. Data Validation

Here, the Data Subject Owner (DSO) ensures that the information collected about a data subject is accurate and up-to-date. The DSO reviews all the detected attribute instances for the data subject in the Entity 360 view.

The system identifies each attribute instance associated with the data subject and the DSO validates this information, performing one of several possible actions based on their review.

Actions

There are four possible actions a DSO can perform during data validation:

i. Data match found

ii. Attribute updated

iii. Attribute value not found

iv. Data no longer exists

1. Data match found: This is the default action indicating that the system has correctly identified the data. If the attribute instance is correct as per the DSO's review, this action is selected.

The DSO can also expand the row and add comments in the Additional Remarks field.

Example: Alberto Guerra is a data subject and his information related to the attribute "Address" shows the value "via delle Croce 16, Viganello, switzerland - 69".

The DSO reviews this information and finds it to be accurate. In this case, the DSO would select the action "Data match found" for this attribute.

1. Attribute has been updated: If the DSO observes that the data of a particular attribute has been modified since the last scan, they select this action. It signifies that the attribute value in the system needs to be updated to reflect the latest changes.

Example: If, upon review, the DSO finds that Alberto's address has been updated to "via delle Croce Verde 16, Viganello, switzerland - 6900" since the last scan, they would select the action "Attribute has been updated" and enter the new address in the Corrected Address field.

1. Attribute value not found: This action is selected when Lightbeam identifies an attribute, but the associated value is incorrect according to the DSO's review. It indicates a discrepancy between the system's record and the actual value.

Example: If the system lists Alberto's "Phone Number" attribute incorrectly as "+9174788650", the DSO opts for "Attribute value not found". They inform LightBeam of the error, add the correct the phone number "+917478865099" in Additional Remarks, ensuring data accuracy.

1. Data no longer exists: If LightBeam identifies an attribute instance that has been deleted or significantly altered, rendering the previous information irrelevant, the DSO selects this action. It alerts the system that the data is no longer valid or existent.

Example: Finally, if an attribute, say "Phone Number", was detected with the value "+9174788650", but Alberto has since changed his number and his current number isn't reflected in the system, the DSO would select "Data no longer exists". This action would indicate that the previous phone number is no longer relevant and the system should update accordingly.

For every action, DSOs must ensure that the data scanned by the system, is accurate for each attribute instance.

Once this is done, the DSO can click on Proceed.

1. Additional Data

Additional data step is designed to capture any missing data attributes that LightBeam may have overlooked.

The DSO can add these missing attributes related to the data subject, particularly from drives not scanned by the system.

2.1 Manual Entry of Additional Data

Users have the opportunity to manually input attribute values not detected by LightBeam. The user selects the attribute type from a provided list and enters the corresponding value before clicking "Add." This function allows users to enrich the data subject's profile by including any overlooked or missed PII (Personally Identifiable Information).

Example: LightBeam may not scan data about Alberto Guerra in files that have been marked under ‘No Scanning’. In this case, DSO needs to manually add attribute values related to Alberto Guerra.

Under Attribute Type, DSO may select ‘Office - Address’ and type in the given address of the data subject.

2.2 Upload Additional Files

In addition to manual entry, users can upload files containing additional data about the data subject by clicking on Upload Files.

Upon uploading, LightBeam performs an on-the-spot scan of the files to identify any attributes within them.

Users can either directly add all detected attributes to the data subject's profile or select "View and Customize" to review and select the attributes they wish to include.

Here, the user can select or deselect the required attributes and proceed by clicking on Add.

User can also edit the Identifier field contents or remove the values for the respective attributes if scanned incorrectly by LightBeam.

1. Confirmation

The objective of the third step is to finalize the data to be included in the DSR report and specify the purpose for storing this data.

• Purpose of data

This section must explain the purpose of storing the data. Select one or more of the predefined options that correspond to the purpose for processing the data. This can be done via a drop-down menu that provides the standard reasons for data storage.

If none of the provided options are suitable, select 'Other' and specify the purpose in the provided text box.

• Data Subject Information

This provides a summary of all the detected and added data from the first two steps of the DSR workflow. The summary includes:

- Instances of data matches found

- Manually added entries

• Attribute Value Not Found

Attribute value not found will list all the attributes that LightBeam could not detect within the datasource.

Once you have reviewed the Confirmation steps and are confident that all necessary data has been included and correctly classified, you can click on Submit.

To save the information and come back to it later, you can click on Save As Draft.

Data Subject Tickets

Upon submission, you are redirected to the Tickets page. This page contains a list of all your tickets, along with their:

• Ticket ID

• Corresponding DSR request ID

• Data subject

• Data source name

• Status

• Dates of receipt and completion

• Other Actions

The Tickets page serves as a log of all your activities as a Data Source Owner (DSO), ensuring you can keep track of all your DSR-related actions.

The tickets will be classified into 3 tabs: Closed, Open, All.

Tickets move to a 'Closed' state upon submission, which means the DSO has completed the verification for the data subject's information across their respective data sources.

Actions on Tickets by DSO

Reject Ticket

Reassign Ticket