Once you’ve completed your data review for a subject rights request, you can generate the reports you need to complete the request. What Priva does is create reports and collect the files that were marked as Include during the data review process. You can then provide the files and reporting to the data subject to fulfill their original request.

Reports are divided into two different sections. You have reports for the data subject and reports for internal use. Reports for the data subject contain information that you can provide to the data subject to fulfill their request. This kind of report includes the data package that contains files that you can send to the data subject.

Reports for internal use are for your organization's internal records. This kind of report contains an audit log and a list of all the files you applied tags to during the data review. The subject rights request data package that’s included in a report for the data subject will include items that you marked as Include during data review. It’s provided in .zip format.

When you're ready to download the data package, click Download.

When you open the zip file of the data package, you’ll find a few items. You’ll see a folder named Azure. And you’ll see some files outside of the Azure folder, including two spreadsheets called Results and Summary. The files that exist outside of the Azure folder are there for reference.

In the Azure folder, you’ll see a file named AEDExport.zip. This includes another file folder with a long name that consists of numbers and letters. This folder includes the files that you see on your screen.

After opening the Azure folder, review the items inside, and decide what needs to be sent to the data subject. For example, if the subject asked for a copy of everything containing their personal data, review the items in the NativeFiles folder and remove anything that doesn’t include their personal data.

After removing content that doesn’t need to go in the final package, rezip everything and securely send the zip file to the data subject who made the initial subject rights request.

Now, earlier, I mentioned audit logs. What the audit log is, is a CSV file. This CSV file provides a record of what happened in each stage of subject rights request, including the date and time completed, and the user name of the person who completed each step.

Tagged files reports are also CSV files. These reports list out the content items that were tagged during data review.

The reports that get created during a Subject Rights Request, along with their associated data, are stored, by default, for 30 days from when the associated subject rights request is closed. However, this retention period can be changed in Priva’s settings.

The data retention period is defined in the Data Retention Periods section within Priva’s Settings.

After you’ve completed all the required steps for a subject rights request, you can mark the request as closed by selecting Close the request in the request details page. Once you close a request, it's no longer active. Closed requests can't be re-opened.