Docs / Portal Overview

Portal Overview

The Public Portal is where data subjects submit GDPR requests directly to your organization. It provides a professional, secure, and compliant way to receive DSARs.

Configure Your Portal →

Integrations - Configure your public case portal URLs
Integrations - Configure your public case portal URLs Integrations - Configure your public case portal URLs

What is the Public Portal?

The Public Portal is a dedicated web page where anyone can submit a data subject request to your organization. Each organization gets a unique portal URL.

Key Features

How It Works

For Data Subjects

  1. Visit Your Portal - Navigate to your portal link
  2. Enter Email - Provide their email address
  3. Verify Identity - Receive and enter an email one-time code (OTP)
  4. Submit Request - Select request type and provide details
  5. Confirmation - Receive a reference number
  6. Track Status - Return to the portal anytime to see progress
  7. Download Response - When you fulfil the request, securely download the response and files

For Your Organization

  1. Notification - Receive email when new request arrives
  2. Case Created - Request automatically becomes a case
  3. Verified Subject - Email already verified through OTP
  4. Process Normally - Handle like any other case

Portal URL

Your portal link is token-based:

https://app.sarportal.com/subjectaccess?token={your-portal-token}

Generate and copy the token (and the full link) in Settings > Integrations. The same link is used by data subjects to submit a request and, later, to track its status and download their response.

Submitting through the portal is optional. You can also log requests that arrive by email or post directly as cases - the portal simply automates intake and verification.

Portal Elements

Request Form

Compliance Features

GDPR Article 28 Notice

The portal displays a clear notice that:

Configurable link to your privacy policy.

Data subjects must acknowledge:

Data Processor Disclosure

Transparent statement about how the request is processed.

Email Verification

Why Verification?

Verification Flow

  1. Subject enters email address
  2. System sends OTP (one-time password)
  3. Subject enters the code
  4. Email is marked as verified
  5. Request can proceed

Code Details

Request Types Available

Data subjects can select from:

Tracking Status & Downloading the Response

The portal isn’t just for submitting - it’s also where the data subject follows their request through to completion.

The Subject’s Journey

  1. Submit the request on the portal
  2. Verify via the email one-time code (OTP)
  3. Track - using the same portal link, the subject sees their request’s current status and reference number
  4. Download - once you (the controller) mark the request fulfilled, the subject can securely download the response and any files you’ve prepared, straight from the portal

Why This Matters

Delivering the Response

When you complete a case, attach the response documents and mark it fulfilled. The subject is notified and can return to the portal link to download. Access is tied to their verified session, so only the verified subject can retrieve the files.

Adding Portal to Your Website

Add to your privacy policy:

To exercise your data rights, visit our
<a href="https://app.sarportal.com/subjectaccess?token=YOUR-TOKEN">
  Subject Access Request Portal
</a>

Dedicated Page

Create a page on your website:

<h1>Submit a Data Request</h1>
<p>Use our secure portal to submit GDPR requests.</p>
<a href="https://app.sarportal.com/subjectaccess?token=YOUR-TOKEN"
   class="button">
  Submit Request
</a>

Simply share the URL via email or other channels.

Benefits of Using the Portal

For Your Organization

For Data Subjects

Portal vs Manual Requests

AspectPortalManual (Email/Letter)
Case CreationAutomaticManual entry required
Email VerificationBuilt-inYou must verify
Audit TrailCompleteMust document yourself
Data CollectionStructuredVariable format
Processing SpeedFasterRequires more steps

Next Steps