
GDPR Data Subject Access Request Fulfilment

Give every data subject a complete, signed, portable record of their own data within the statutory deadline, with strong digital identity verification and a full audit trail from request to delivery.

Category: Modules | Last Updated: May 5, 2026
Tags: modules, compliance

Overview

When a data subject exercises rights under GDPR Articles 15-22, the platform automatically aggregates every artefact associated with incidents involving that person, including ePCR encounter records, call audio, transcripts, signed handover documents, and audit-trail events, and assembles them into a single signed HL7 FHIR R4 Bundle. The request is tracked against the Article 12(3) one-month statutory response window throughout, and every disclosure is permanently logged on each affected incident timeline to satisfy future regulatory or court queries.

Key Features

  • Citizen-Initiated DSAR Portal: A dedicated citizen-facing web surface lets data subjects, or their authorised representatives, lodge access, rectification, erasure, portability, restriction, and objection requests without involving the operational dispatch console.

  • eIDAS 2.0 Identity Verification: Citizen identity is established to a substantial or high assurance level before any records are enumerated, using an eIDAS-compatible OpenID Connect flow rather than ad-hoc credential checks.

  • Cross-Incident Enumeration: A single request automatically discovers every incident where the data subject is the patient, cross-referenced by national health number or national system identifier where available, so the disclosure pack is complete rather than limited to incidents recalled manually.

  • Unified FHIR R4 Bundle Export: The pack builder assembles ePCR encounter resources, call audio references, transcripts, signed handover documents, and audit events into a single signed HL7 FHIR R4 Bundle, giving the citizen a portable, machine-readable record that any compliant health information system can consume directly.

  • Third-Party PII Pseudonymisation: Other patients, bystanders, callers, or family members appearing in the same incident artefacts are redacted through the platform's pseudonymisation vault before the bundle is released, so the data subject receives only their own personal data.

  • 30-Day Statutory SLA Tracking: Every request is timestamped on receipt and tracked against the GDPR Article 12(3) one-month response window, with automated escalation as deadlines approach.

  • Disclosure-on-Incident Audit Trail: The fulfilment event itself is logged on each touched incident's audit timeline, so any subsequent DSAR, regulatory query, or court request can establish precisely what was released, when, and to whom.

  • Data Protection by Design: The workflow implements GDPR Article 25 controls throughout, applying per-tenant data sovereignty boundaries and minimising data surface at every processing step.

Use Cases

Patient Requesting Their Own Care Record

A patient transported by ambulance requests everything the service holds about them. A signed FHIR Bundle covering all encounters, call audio, transcripts, and audit events is delivered through the citizen portal within the 30-day statutory window.

Authorised Representative Acting on Behalf of a Patient

A solicitor or family member with valid authority lodges a request on behalf of the data subject. The eIDAS identity check binds the request to the verified representative, and the disclosure history records the legal basis for release.

Rectification or Erasure Request

A data subject asserts rights under Articles 16 or 17. The same enumeration logic scopes every incident touched by the request, and the audit trail captures which fields were corrected or which records were retained on a documented legal basis.

Portability Request to Another Provider

Under Article 20, the FHIR R4 Bundle format makes the export directly usable by a receiving health information system, removing the need for manual re-keying from a PDF.

Regulator or Data Protection Commission Query

Following a complaint, the Data Protection Commission asks what was disclosed to a complainant. The disclosure log on each incident timeline provides a precise, auditable history without trawling email archives or shared drives.

Multi-Jurisdiction Deployments

Organisations operating across borders can satisfy data-subject rights obligations in each jurisdiction through the same workflow, with per-tenant data sovereignty ensuring that records never cross regional boundaries without explicit authorisation.

Integration

Customers and developers connect to the DSAR workflow through three primary surfaces.

Citizen-Facing Portal: A locale-aware web application provides the citizen entry point for submitting and tracking requests. It is reachable independently of the operational console and is styled to your organisation's branding.

Platform REST and GraphQL APIs: Programmatic access to request status, SLA timelines, and disclosure history is available through the platform's REST and GraphQL APIs, secured with OAuth 2.0 bearer tokens. Case management or ticketing systems can query or update request state without human intervention.

Webhook Notifications: Portal delivery milestones and SLA events are emitted as signed Standard Webhooks (HMAC-SHA-256) so downstream systems can react in real time without polling. Events follow the CloudEvents 1.0 envelope and include lifecycle stages such as request received, export assembled, and request fulfilled.
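As an added example (not the platform's own code), here is a consumer-side verifier for the signed Standard Webhooks deliveries described above: it recomputes the HMAC-SHA-256 over the webhook-id, timestamp and raw body, enforces a timestamp tolerance, rejects replayed webhook-ids, and unwraps the CloudEvents 1.0 envelope. The secret, the event type name and all identifiers are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # reject deliveries whose timestamp is more than 5 minutes off


def _mac(msg_id: str, ts: str, body: bytes, secret: str) -> bytes:
    # Standard Webhooks: secret is "whsec_" + base64(raw key); signed content is "<id>.<ts>.<body>".
    key = base64.b64decode(secret.removeprefix("whsec_"))
    return hmac.new(key, f"{msg_id}.{ts}.".encode() + body, hashlib.sha256).digest()


def verify_delivery(headers: dict, body: bytes, secret: str, seen_ids: set, now=None) -> dict:
    """Consumer side: verify one delivery and return its CloudEvents 1.0 payload, else raise ValueError."""
    # `body` must be the raw bytes as received (re-serialising JSON breaks the signature);
    # `seen_ids` is the consumer's persistent store of accepted webhook-ids (replay protection).
    now = time.time() if now is None else now
    msg_id, ts = headers.get("webhook-id"), headers.get("webhook-timestamp")
    if not msg_id or not ts:
        raise ValueError("missing webhook-id or webhook-timestamp header")
    if abs(now - int(ts)) > TOLERANCE_SECONDS:  # freshness check before any crypto
        raise ValueError("timestamp outside tolerance window")
    expected = _mac(msg_id, ts, body, secret)
    # The header may carry several space-separated "v1,<b64>" entries during key rotation; any match accepts.
    sigs = [e.partition(",")[2] for e in headers.get("webhook-signature", "").split() if e.startswith("v1,")]
    if not any(hmac.compare_digest(base64.b64decode(s), expected) for s in sigs):
        raise ValueError("no valid v1 signature")
    if msg_id in seen_ids:  # signature is valid, but this exact delivery was already processed
        raise ValueError("replayed delivery: webhook-id already accepted")
    seen_ids.add(msg_id)
    event = json.loads(body)
    if event.get("specversion") != "1.0" or "type" not in event:
        raise ValueError("payload is not a CloudEvents 1.0 envelope")
    return event


def rejection_reason(headers: dict, body: bytes, secret: str, seen_ids: set, now=None):
    """None if the delivery is accepted, otherwise the rejection reason (for logging and metrics)."""
    try:
        verify_delivery(headers, body, secret, seen_ids, now)
        return None
    except ValueError as exc:
        return str(exc)


# Constructed sample: a hypothetical "request fulfilled" event; the type name, ids and secret are assumed.
SECRET = "whsec_" + base64.b64encode(b"constructed-example-key-not-a-real-secret").decode()
SAMPLE_BODY = json.dumps({"specversion": "1.0", "id": "evt-0001", "source": "/dsar", "time": "2026-05-05T10:00:00Z",
                          "type": "com.example.dsar.request.fulfilled", "data": {"requestId": "DSAR-CONSTRUCTED-42"}}).encode()


def sample_headers(msg_id: str = "msg_0001", ts: str = "1778000000", body: bytes = SAMPLE_BODY) -> dict:
    # Producer side: webhook-signature is "v1," + base64(HMAC) over the same signed content.
    return {"webhook-id": msg_id, "webhook-timestamp": ts,
            "webhook-signature": "v1," + base64.b64encode(_mac(msg_id, ts, body, SECRET)).decode()}
```

A real consumer should persist `seen_ids` (at least for the tolerance window) rather than keep it in memory, otherwise a restart re-opens the replay window.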

Identity and Access Management: Citizen identity verification uses the platform's eIDAS-compatible OpenID Connect profile. Operational staff access is governed by the organisation's existing OAuth 2.0 and SAML 2.0 identity provider, with role-based controls limiting who may view, action, or close requests.

Compliance Reporting: The platform generates PDF/A-3 compliance assessment reports suitable for submission to supervisory authorities, embedding the machine-readable compliance dataset as an attachment in accordance with the PDF/A-3 standard.

Open Standards

  • EU GDPR (Regulation 2016/679), Articles 12-22: the statutory framework governing data-subject rights fulfilment, SLA obligations, lawful basis, and documentation requirements that the entire workflow is built to satisfy.
  • EU GDPR Article 25: data protection by design and by default, applied throughout the enumeration, redaction, and assembly pipeline.
  • EU GDPR Article 32: security of processing requirements, including encryption at rest and in transit, addressed by AES-256-GCM and TLS controls.
  • EU GDPR Article 33: 72-hour breach notification obligation, tracked alongside DSAR SLAs within the same compliance dashboard.
  • eIDAS 2.0 (Regulation (EU) No 910/2014, as amended): strong citizen identity verification at substantial or high assurance before any personal data is enumerated or released.
  • HL7 FHIR R4 (Release 4, v4.0.1): the assembled patient record export is delivered as a signed FHIR R4 Bundle, with subject identity bound to a FHIR Patient resource and representative consent expressed using the FHIR Consent resource, ensuring portability to any FHIR-compliant health system.
  • OpenID Connect (OIDC) 1.0: citizen and staff authentication flows use an OIDC-compatible identity provider, enabling federated login with national or organisational identity schemes.
  • OAuth 2.0 (RFC 6749): API access to request management and disclosure history is secured with OAuth 2.0 bearer tokens and scoped consent grants.
  • SAML 2.0: operational staff single sign-on integrates with enterprise identity providers via SAML 2.0 assertions.
  • Standard Webhooks (HMAC-SHA-256): outbound event notifications are signed according to the Standard Webhooks specification so receiving systems can verify authenticity and reject replayed deliveries.
  • CloudEvents 1.0: DSAR lifecycle events are wrapped in the CloudEvents 1.0 envelope, enabling any compliant event broker or consumer to subscribe without bespoke parsing.
  • PDF/A-3 (ISO 19005-3): compliance assessment reports are generated in PDF/A-3B format, embedding the machine-readable dataset as a file attachment to meet long-term archival and regulatory submission requirements.
  • ISO 27001: information security management for the disclosure pipeline aligns with the ISO 27001 control framework, and platform infrastructure holds current ISO 27001 certification.
  • NIST SP 800-53: account management (AC-2), audit logging (AU-2), identification and authentication (IA-2), and transmission confidentiality (SC-8/SC-13) controls are assessed against NIST 800-53 control requirements.
  • SOC 2 Type II: platform infrastructure maintains SOC 2 Type II attestations covering the security, availability, and confidentiality trust service criteria relevant to DSAR data handling.

Security and Compliance

All personal data in the disclosure pipeline is encrypted at rest using AES-256-GCM and in transit over TLS. Third-party personal data is removed through a pseudonymisation vault before any bundle is signed or delivered, implementing GDPR Article 5(1)(c) data minimisation at the point of export.

The audit-trail chain uses an append-only, HMAC-signed log to guarantee that the disclosure history cannot be altered after the fact, satisfying audit-trail and data-lineage requirements for regulatory and court proceedings.
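An added example of the append-only, HMAC-signed log pattern described above, not the platform's implementation: each entry's tag is an HMAC-SHA-256 over the entry and the previous entry's tag, and verify() walks the chain so that any in-place edit, deletion or reordering is detected. The key, entry payloads and incident identifiers are constructed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    seq: int        # position in the log, starting at 0
    payload: dict   # what was disclosed, when, to whom, on which incident
    prev_tag: str   # tag of the preceding entry ("" for the first entry)
    tag: str        # HMAC-SHA-256 over (seq, payload, prev_tag)


class DisclosureLog:
    """Append-only, HMAC-chained disclosure log (assumed design, not the platform's own code).
    Each tag commits to the previous tag, so editing, deleting, or reordering an entry breaks every
    tag after it. Caveats: the key must live outside the log store (KMS/HSM), since a key holder can
    re-chain; and deletion of the newest entries is only caught if the latest tag is anchored elsewhere."""

    def __init__(self, key: bytes):
        self._key = key
        self._entries: list[Entry] = []

    def _tag(self, seq: int, payload: dict, prev_tag: str) -> str:
        # Canonical JSON (sorted keys, no whitespace) so the same entry always authenticates identically.
        canonical = json.dumps({"seq": seq, "payload": payload, "prev": prev_tag},
                               sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def append(self, payload: dict) -> Entry:
        seq = len(self._entries)
        prev = self._entries[-1].tag if self._entries else ""
        entry = Entry(seq, payload, prev, self._tag(seq, payload, prev))
        self._entries.append(entry)
        return entry

    def verify(self):
        """Walk the chain recomputing every tag; return (True, None) or (False, first_bad_seq)."""
        prev = ""
        for i, e in enumerate(self._entries):
            ok = e.seq == i and e.prev_tag == prev and hmac.compare_digest(e.tag, self._tag(i, e.payload, prev))
            if not ok:
                return False, i
            prev = e.tag
        return True, None


def simulate_storage_edit(log: DisclosureLog, seq: int, new_payload: dict) -> None:
    """Model a bug or a storage-level rewrite that changes a stored entry in place, bypassing append()."""
    old = log._entries[seq]
    log._entries[seq] = Entry(old.seq, new_payload, old.prev_tag, old.tag)
```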

Per-tenant data sovereignty boundaries ensure that data belonging to one organisation or jurisdiction is never commingled with or accessible to another tenant, regardless of shared infrastructure.

The platform's compliance assessment module produces PDF/A-3 reports covering GDPR, NIST 800-53, and SOC 2 Type II control checks, giving data protection officers a ready-made evidence pack for supervisory authority enquiries.

Last Reviewed: 2026-05-05 / Last Updated: 2026-05-05