Requirement

Informing and data subject requests

Oh no! No description found. But not to worry. Read from Tasks below how to advance this topic.

Fulfill this requirement by completing the tasks below ->
Informing and data subject requests
This requirement is part of the framework:  

Other requirements of the framework

No items found.
0
Informing and data subject requests
No items found.
Privacy
Best practices
How to implement:
Informing and data subject requests
This policy on
Informing and data subject requests
provides a set concrete tasks you can complete to secure this topic. Follow these best practices to ensure compliance and strengthen your overall security posture.
Read below what concrete actions you can take to improve this ->
Privacy
Informing and data subject requests
Frameworks that include requirements for this topic:
Lov om digital sikkerhet (Norge)
CRA (Cyber Resilience Act)
CyberFundamentals (Belgium)
TISAX: Information security
Tietoturvasuunnitelma (THL 3/2024)
SOC 2 (Systems and Organization Controls)

How to improve security around this topic

In Cyberday, requirements and controls are mapped to universal tasks. A set of tasks in the same topic create a Policy, such as this one.

Here's a list of tasks that help you improve your information and cyber security related to
Informing and data subject requests
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
Privacy notices -report publishing and maintenance
Critical
High
Normal
Low
18
requirements
Privacy
Informing and data subject requests

Privacy notices -report publishing and maintenance

This task helps you comply with the following requirements

14. Information to be provided where personal data have not been obtained from the data subjectGDPR
12. Transparent information, communication and modalities for the exercise of the rights of the data subjectGDPR
13. Information to be provided where personal data are collected from the data subjectGDPR
18.1.4: Privacy and protection of personally identifiable informationISO 27001
A.12.1: Geographical location of PIIISO 27018
ID.GV-3: Legal and regulatory requirementsNIST
A.7.3.1: Determining and fulfilling obligations to PII principalsISO 27701
A.7.3.2: Determining information for PII principalsISO 27701
A.7.3.3: Providing information to PII principalsISO 27701
TSU-19.2: Rekisteröidyn oikeudet - Läpinäkyvä informointiJulkri
Updating requested amends
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Updating requested amends

This task helps you comply with the following requirements

No items found.
Denial issuing
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Denial issuing

This task helps you comply with the following requirements

No items found.
PHI disclosure accounting
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

PHI disclosure accounting

This task helps you comply with the following requirements

No items found.
Safeguards to protect the confidentiality of group health plans
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Safeguards to protect the confidentiality of group health plans

This task helps you comply with the following requirements

No items found.
Amendments from other covered entities
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Amendments from other covered entities

This task helps you comply with the following requirements

No items found.
Grant access to inspect and obtain PHI
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

Grant access to inspect and obtain PHI

This task helps you comply with the following requirements

No items found.
Amendment request timeliness
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Amendment request timeliness

This task helps you comply with the following requirements

No items found.
Record keeping documentation
Critical
High
Normal
Low
3
requirements
Privacy
Informing and data subject requests

Record keeping documentation

This task helps you comply with the following requirements

No items found.
Record of disclosures of protected health information
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Record of disclosures of protected health information

This task helps you comply with the following requirements

No items found.
Amendment denial disclosure
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Amendment denial disclosure

This task helps you comply with the following requirements

No items found.
Management of access rights to PHI
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Management of access rights to PHI

This task helps you comply with the following requirements

No items found.
Amendment disagreement disclosure
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Amendment disagreement disclosure

This task helps you comply with the following requirements

No items found.
Review and redirection facilitation
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Review and redirection facilitation

This task helps you comply with the following requirements

No items found.
Communications and disclosures of confidential information
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

Communications and disclosures of confidential information

This task helps you comply with the following requirements

No items found.
Amendment notification
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Amendment notification

This task helps you comply with the following requirements

No items found.
Disclosure of protected health information
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Disclosure of protected health information

This task helps you comply with the following requirements

No items found.
Amendment decision criteria
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Amendment decision criteria

This task helps you comply with the following requirements

No items found.
Ability to request restriction of the processing of personal data
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Ability to request restriction of the processing of personal data

This task helps you comply with the following requirements

No items found.
PHI amend requests
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

PHI amend requests

This task helps you comply with the following requirements

No items found.
Ensure a compliant and updated Notice of Privacy Practices (NPP)
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Ensure a compliant and updated Notice of Privacy Practices (NPP)

This task helps you comply with the following requirements

No items found.
Providing Notice of Privacy Practices (NPP) to individuals
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Providing Notice of Privacy Practices (NPP) to individuals

This task helps you comply with the following requirements

No items found.
Access requests to PHI
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Access requests to PHI

This task helps you comply with the following requirements

No items found.
Disclose PHI to family, caregivers, and in emergencies
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Disclose PHI to family, caregivers, and in emergencies

This task helps you comply with the following requirements

No items found.
Manage authorizations and core validity requirements for PHI
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Manage authorizations and core validity requirements for PHI

This task helps you comply with the following requirements

No items found.
NPP delivery and acknowledgment guidelines
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

NPP delivery and acknowledgment guidelines

This task helps you comply with the following requirements

No items found.
Process for receiving and handling data subject requests
Critical
High
Normal
Low
24
requirements
Privacy
Informing and data subject requests

Process for receiving and handling data subject requests

This task helps you comply with the following requirements

15. Right of access by the data subjectGDPR
16. Right to rectificationGDPR
18. Right to restriction of processingGDPR
19. Notification obligation regarding rectification or erasure of personal data or restriction of processingGDPR
21. Right to objectGDPR
22. Automated individual decision-making, including profilingGDPR
23. RestrictionsGDPR
18.1.4: Privacy and protection of personally identifiable informationISO 27001
A.2.1: Obligation to co-operate regarding PII principals’ rightsISO 27018
A.2: Consent and choiceISO 27018
Data erasure processes and the "right to be forgotten"
Critical
High
Normal
Low
7
requirements
Privacy
Informing and data subject requests

Data erasure processes and the "right to be forgotten"

This task helps you comply with the following requirements

17. Right to erasure (‘right to be forgotten’)GDPR
A.7.3.6: Access, correction and/or erasureISO 27701
A.8.2.3: Marketing and advertising useISO 27701
TSU-19.4: Rekisteröidyn oikeudet - Tietojen oikaiseminen, poistaminen, siirtäminen, käsittelyn rajoittaminen ja vastustaminenJulkri
P4.3: Secure disposal of personal informationSOC 2
9.6.1: Management of data subject requestsTISAX
Documentation of personal data sources for data systems
Critical
High
Normal
Low
5
requirements
Privacy
Informing and data subject requests

Documentation of personal data sources for data systems

This task helps you comply with the following requirements

14. Information to be provided where personal data have not been obtained from the data subjectGDPR
A.7.3.3: Providing information to PII principalsISO 27701
TSU-19.2: Rekisteröidyn oikeudet - Läpinäkyvä informointiJulkri
P3.1: Collection of personal information is consistent with objects related to privacySOC 2
Informing the controller of the processors of personal data
Critical
High
Normal
Low
6
requirements
Privacy
Informing and data subject requests

Informing the controller of the processors of personal data

This task helps you comply with the following requirements

A.8: Openness, transparency and noticeISO 27018
A.8.1: Disclosure of sub-contracted PII processingISO 27018
A.8.5.6: Disclosure of subcontractors used to process PIIISO 27701
A.8.5.7: Engagement of subcontractor to process PIIISO 27701
A.8.5.8: Change of subcontractor to process PIIISO 27701
Listing of non-recurring data disclosures and contractual commitment to informing them to customers
Critical
High
Normal
Low
7
requirements
Privacy
Informing and data subject requests

Listing of non-recurring data disclosures and contractual commitment to informing them to customers

This task helps you comply with the following requirements

A.6.1: PII disclosure notificationISO 27018
A.6.2: Recording of PII disclosuresISO 27018
A.6: Use, retention and disclosure limitationISO 27018
A.8.5.1: Basis for PII transfer between jurisdictionsISO 27701
A.8.5.4: Notification of PII disclosure requestsISO 27701
P6.1: Disclosure of personal information to third parties with consent of the data subjectsSOC 2
Process for data subjects to edit or cancel a consent
Critical
High
Normal
Low
3
requirements
Privacy
Informing and data subject requests

Process for data subjects to edit or cancel a consent

This task helps you comply with the following requirements

A.7.3.4: Providing mechanism to modify or withdraw consentISO 27701
P2.1: Communication of choices about personal information to data subjectsSOC 2
Article 13.1(.2.m): Removing dataCRA
Process for data subjects to object processing
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

Process for data subjects to object processing

This task helps you comply with the following requirements

A.7.3.5: Providing mechanism to object to PII processingISO 27701
TSU-19.4: Rekisteröidyn oikeudet - Tietojen oikaiseminen, poistaminen, siirtäminen, käsittelyn rajoittaminen ja vastustaminenJulkri
Process for data subjects to rectify inaccurate personal data
Critical
High
Normal
Low
3
requirements
Privacy
Informing and data subject requests

Process for data subjects to rectify inaccurate personal data

This task helps you comply with the following requirements

A.7.3.6: Access, correction and/or erasureISO 27701
TSU-19.4: Rekisteröidyn oikeudet - Tietojen oikaiseminen, poistaminen, siirtäminen, käsittelyn rajoittaminen ja vastustaminenJulkri
P5.2: Correction of personal informationSOC 2
Informing third parties about relevant changes to personal data
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Informing third parties about relevant changes to personal data

This task helps you comply with the following requirements

A.7.3.7: PII controllers' obligations to inform third partiesISO 27701
Securely delivering a copy of data subject's personal data
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

Securely delivering a copy of data subject's personal data

This task helps you comply with the following requirements

A.7.3.8: Providing copy of PII processedISO 27701
TSU-19.3: Rekisteröidyn oikeudet - Oikeus saada pääsy tietoihinJulkri
Yhteisrekisterinpitäjänä toimiminen
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

Yhteisrekisterinpitäjänä toimiminen

This task helps you comply with the following requirements

TSU-03: YhteisrekisterinpitäjätJulkri
58: Yhteisrekisterinpitäjyystilanteiden tunnistaminenDigiturvan kokonaiskuvapalvelu
Identification of the rights available to the data subject
Critical
High
Normal
Low
3
requirements
Privacy
Informing and data subject requests

Identification of the rights available to the data subject

This task helps you comply with the following requirements

TSU-19.1: Rekisteröidyn oikeudet - Rekisteröidyn käytettävissä olevien oikeuksien tunnistaminenJulkri
P5.1: Granting access to stored personal dataSOC 2
§ 19: Behandling av personopplysningerNIS2 NO
Notification channel for the registered for reporting privacy problems
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

Notification channel for the registered for reporting privacy problems

This task helps you comply with the following requirements

P8.1: Periodic monitoring of privacy complianceSOC 2
Ensuring the timeliness of privacy communication
Critical
High
Normal
Low
8
requirements
Privacy
Informing and data subject requests

Ensuring the timeliness of privacy communication

This task helps you comply with the following requirements

12. Transparent information, communication and modalities for the exercise of the rights of the data subjectGDPR
18.2.2: Compliance with security policies and standardsISO 27001
18.1.4: Privacy and protection of personally identifiable informationISO 27001
A.7.3.2: Determining information for PII principalsISO 27701
TSU-19.2: Rekisteröidyn oikeudet - Läpinäkyvä informointiJulkri
64: Informointikäytäntöjen määrittäminenDigiturvan kokonaiskuvapalvelu
P1.1: Providing notice to data subjects about privacy practicesSOC 2
9.3.1: Data processing activities managementTISAX
Testing the clarity of privacy communications
Critical
High
Normal
Low
4
requirements
Privacy
Informing and data subject requests

Testing the clarity of privacy communications

This task helps you comply with the following requirements

12. Transparent information, communication and modalities for the exercise of the rights of the data subjectGDPR
TSU-19.2: Rekisteröidyn oikeudet - Läpinäkyvä informointiJulkri
64: Informointikäytäntöjen määrittäminenDigiturvan kokonaiskuvapalvelu
P1.1: Providing notice to data subjects about privacy practicesSOC 2
Ability to provide the data subject with personal data ready for transfer
Critical
High
Normal
Low
5
requirements
Privacy
Informing and data subject requests

Ability to provide the data subject with personal data ready for transfer

This task helps you comply with the following requirements

20. Right to data portabilityGDPR
A.7.3.8: Providing copy of PII processedISO 27701
TSU-19.4: Rekisteröidyn oikeudet - Tietojen oikaiseminen, poistaminen, siirtäminen, käsittelyn rajoittaminen ja vastustaminenJulkri
9.6.1: Management of data subject requestsTISAX
Clear communication about the effects of consent
Critical
High
Normal
Low
1
requirements
Privacy
Informing and data subject requests

Clear communication about the effects of consent

This task helps you comply with the following requirements

P2.1: Communication of choices about personal information to data subjectsSOC 2
Communication methods for refusing to implement data protection requests
Critical
High
Normal
Low
2
requirements
Privacy
Informing and data subject requests

Communication methods for refusing to implement data protection requests

This task helps you comply with the following requirements

P5.1: Granting access to stored personal dataSOC 2
P5.2: Correction of personal informationSOC 2
Complete these tasks in Cyberday ISMS ->

How to comply with this requirement

In Cyberday, requirements and controls are mapped to universal tasks. Each requirement is fulfilled with one or multiple tasks.

Here's a list of tasks that help you comply with the requirement
Informing and data subject requests
of the framework  
Task name
Priority
Task completes
Complete these tasks to increase your compliance in this policy.
Critical
31 requirements
No other tasks found.
Complete these tasks in Cyberday ISMS ->

The ISMS component hierachy

When building an ISMS, it's important to understand the different levels of information hierarchy. Here's how Cyberday is structured.

Framework

Sets the overall compliance standard or regulation your organization needs to follow.

Requirements

Break down the framework into specific obligations that must be met.

Tasks

Concrete actions and activities your team carries out to satisfy each requirement.

Policies

Documented rules and practices that are created and maintained as a result of completing tasks.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Start free trial
Effortless compliance improvement
Widest framework library in EU
Extensive support

Start your compliance journey

Use in MS Teams or use your browser with Slack integration.
Risk free trial. No credit card required. Stop at any time.

Start free 14-day trial
Book a meeting
How it works?
SummarySecurity tasks and assuranceDocumentation workflowsEmployee guidelinesReporting templates
Use cases
By frameworkAll frameworksISO 27001NIS2 directiveNIST CSFCSA CCMISO 27701GDPRISO 27017ISO 27018
By methodCyber risk managementEmployee awarenessCompliance reportingControl managementAsset managementPrivacy managementVendor assessments
Resources
AcademyWebinarsBlogHelp articlesVideo coursesContent libraryGuidesNewsletterLeave a reviewPartner programTeamTerms of usePrivacy policy
Contact us
+358 10 231 6010
team@cyberday.ai
App works in:
Known in Finland as Digiturvamalli
© Cyberday Inc. Kalevantie 2 33100 Tampere, Finland
Cyberday.ai - Improve and certify your cyber security