Privacy Compliance¶
Dxtra helps organizations manage privacy compliance through data subject rights processing, consent management, and processing activity tracking.
Core Features¶
Data Subject Rights¶
Dxtra tracks and manages data subject rights requests submitted through the Transparency Center or the dashboard.
Supported Request Types:
| Request Type | Description | Regulation |
|---|---|---|
| Access | Allow data subject access to their data | GDPR Art. 15 |
| Rectify | Correct inaccurate stored data | GDPR Art. 16 |
| Erasure | Delete personal data | GDPR Art. 17 |
| Data Copy | Export data in portable format | GDPR Art. 20 |
| Data Transfer | Transfer data to another controller | GDPR Art. 20 |
| No Sale | Do not sell personal information | CCPA |
| No Track | Do not track | ePrivacy |
| No Profile | Do not profile | GDPR Art. 21 |
| Other | Custom request types | Various |
Request Workflow:
- Data subject submits request via Transparency Center
- Request logged with identity verification status tracking
- Event trigger notifies handlers via webhook
- Status updated through resolution process
Consent Management¶
Dxtra provides consent form generation and tracking:
- Consent forms -- Template-based forms with configurable sections and disclosure types
- Consent records -- Links consent to specific processing purposes
- Consent values -- Tracks individual data subject consent choices
Processing Purpose Tracking¶
Processing purposes are managed with legal basis documentation per GDPR Article 6:
- Consent -- Freely given, specific, informed agreement
- Contractual necessity -- Necessary for contract performance
- Legal obligation -- Required by law
- Legitimate interests -- Controller's legitimate interests
- Vital interests -- Protection of life
- Public interest -- Public interest or official authority
Each purpose includes retention period, usage period, and whether the processing is essential for service delivery.
Compliance Issue Tracking¶
Track compliance gaps and resolutions in the dashboard:
- Current status (open, in progress, resolved)
- Priority level
- Issue description and details
- Dismissal status for reviewed issues
Supported Regulations¶
GDPR (European Union)¶
Full support for GDPR data subject rights and Article 30 record keeping:
- Rights management -- All eight GDPR data subject rights
- Legal basis tracking -- Regional citation references for 40+ jurisdictions
- Processing records -- Purpose, data category, and retention tracking
- Response timelines -- 30-day requirement tracking
See GDPR Implementation Guide for details.
CCPA (California)¶
Consumer rights implementation for California residents:
- Right to Know -- Data disclosure capabilities
- Right to Delete -- Erasure request handling
- Right to Opt-Out -- No Sale request type support
- Response timelines -- 45-day requirement tracking
See CCPA Implementation Guide for details.
Integration Support¶
Dxtra tracks data processor integrations with pre-configured retention periods:
| Processor | Retention | Usage |
|---|---|---|
| Stripe | 5 years | 13 months |
| Shopify | While active | While active |
| WooCommerce | 30 days | 30 days |
| Mailchimp | While active | While active |
| Klaviyo | 90 days | 90 days |
| Google Ads | 11 years | 180 days |
| Google Analytics | 50 months | 180 days |
Getting Started¶
- Data Controller setup -- Create your organization profile
- Processing purposes -- Define processing activities with legal basis
- Consent configuration -- Set up consent forms for each purpose
- Rights portal -- Enable the Transparency Center for data subjects
- Integration setup -- Connect third-party data processors
See Data Controller Setup to begin.
For Auditors and Regulators¶
If you are conducting a compliance audit, use the resources below for quick access to compliance evidence and documentation.
| Evidence Type | Description | Link |
|---|---|---|
| Processing Records (ROPA) | GDPR Article 30 records | Article 30 |
| Audit Logs | Data processing activity trails | Audit Logging |
| Rights Request Records | DSAR fulfillment history | Rights Requests |
| Incident Records | Breach documentation | Incident Response |
| Compliance Issues | Gap tracking and resolution | Compliance Monitoring |
Related Documentation¶
- GDPR Implementation -- European data protection compliance
- CCPA Implementation -- California privacy law
- GDPR Article 30 -- Processing records requirements
- Data Retention -- Retention policy management
- Incident Response -- Breach notification procedures
- Security and Compliance -- Security practices
- HIPAA Considerations -- Healthcare data considerations