Privacy Spotlight: Easily comply with data subject rights in Dynatrace

Introducing Privacy Rights, a Dynatrace® app built to streamline data-subject rights management. With Privacy Rights, you’re in control of your compliance tasks. You can efficiently follow up on your end-user's personal data requests in Grail™ in line with privacy laws like GDPR and CCPA.

Across the globe, privacy laws grant individuals data subject rights, such as the right to access and delete personal data processed about them. Rising consumer expectations for transparency and control over their data, combined with increasing data volumes, contribute to the importance of swift and efficient management of privacy rights requests.

“By 2026, fines due to mismanagement of subject rights will have increased tenfold from 2022 to total over $1 billion.” [1]
–Gartner^®

These drivers and the growing complexity of data privacy regulations make manual handling of these requests unsustainable, necessitating automated and scalable solutions.

Handling privacy rights throughout your complex data ecosystem

Your obligation to uphold privacy rights extends beyond the boundaries of your own organization to the vendors in your supply chain. Because of that, SaaS providers, such as Dynatrace, play a crucial role in facilitating compliance with privacy rights. When a privacy request is initiated, it cascades through every layer of your supply chain. Successful compliance with privacy rights requests involves tracking and verifying requests across the entire data ecosystem, including third-party services.

Lack of control over the management of privacy rights can lead to increased administrative burdens, higher risk of errors, and overall frustration for organizations who fear a loss of customer trust in case of non-compliance with data protection regulations like GDPR and CCPA.

“While the need for scalable subject rights delivery and fulfillment will not go away, the demand for more automation will lead to a faster move toward a zero-touch model.” [2]
— Nader Henein, VP Analyst, Gartner

The Privacy Rights app is designed to streamline this process in Dynatrace.

Efficiently locate and export your end users’ personal data

Let’s walk through a fictitious example to explore privacy rights handling in Dynatrace. A diligent services administrator is busy making sure that Dynatrace is deployed and working correctly. But today, something new awaits in their inbox: an urgent data-subject rights request from the privacy legal team. It states: “Please locate and compile all personal data associated with this email address in Dynatrace as part of our end-user’s right to access their data.” How can this services administrator meet this request in a quick, compliant, and efficient way?

Unlike many other SaaS vendors, Dynatrace empowers you by providing a tool for submitting, tracking, and verifying the status of requests. Dynatrace overcomes the challenge of manual, error-prone processes with workflows that enhance transparency and accountability in privacy rights handling. With an out-of-the-box solution, Privacy Rights enables your team to focus on deriving value from Dynatrace rather than being stuck with time-consuming compliance tasks.

Privacy Rights in action

With an interface tailored to your compliance needs, Dynatrace users can track privacy rights requests. A dashboard summarizes relevant details, such as reference to the request and its status and alignment with any due date. This approach effortlessly keeps you and your privacy team informed about end-user requests without requiring additional follow-up through support for status updates. The entire process, from the creation of the request to the export of the relevant data, is logged and auditable within the app.

When creating an export request, an authorized user specifies the end user’s details. The details are used to search Grail for any personal data related to that user. This step lets you fine-tune your query to identify all matching data points, ensuring a thorough and accurate retrieval process.

Once the data in Grail that matches the run query is returned, a second authorized user reviews the results in terms of volume (the number of log records, volume, data residency, and the number of systems). Based on this overview, the export of the matching logs is either approved or rejected. This multi-user approval process reduces export risks and serves as an accuracy check.

With just a few clicks, what might have initially seemed like a cumbersome compliance task becomes a seamless and transparent workflow. Privacy Rights helps organizations confidently navigate the complexities of data subject rights handling in Dynatrace.

Get started with Privacy Rights today

• New to Dynatrace? Open a free trial environment right now and see Dynatrace in action.
• Check out the documentation for the Privacy Rights app.
• Learn more about our commitment to providing you with control and transparency over your customers’ personal data in the Dynatrace Trust Center.
• Share your feedback, suggestions, and ideas with us in the Dynatrace Community.

What’s next

We’re working on making privacy rights handling even easier by making log deletion in Grail available in the Privacy Rights app. Stay tuned to our continuous improvements by checking the Privacy Rights documentation.

^{[1] Gartner Press Release, “Gartner Predicts Fines Related to Mismanagement of Data Subject Rights Will Exceed $1 Billion by 2026,” 24 August 2023, https://www.gartner.com/en/newsroom/press-releases/2023-08-24-gartner-predicts-fines-related-to-mismanagement-of-data-subject-rights-will-exceed-1-billion-dollars-by-2026. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.}

^{[2] Ibid.}