Personal Data Rights (PDR) external-facing form

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The Personal Data Rights (PDR) external-facing form enables secure submission of Data Subject Requests (DSRs) from a public website, without logging in. The form is customizable, supports jurisdiction-based privacy rights, and verifies requester identity via email before creating a case.

    The PDR external-facing form enables customers, ex-employees, or third-party individuals to securely initiate Data Subject Requests (DSRs), without logging into internal portals. Organizations can embed a dedicated PDR form URL into their public website or privacy page. This enables a requester to submit a privacy request end‑to‑end while the system verifies identity through email-based verification before a case is created. The PDR form is customizable and can be easily embedded on external sites.

    Audience

    • Requester (customer, ex-employee, or third-party individual).
    • Privacy administrators and developers configuring the form, jurisdiction mappings, and email templates.

    Key benefits

    • Enables requesters to submit PDRs directly from the organization's public site. No Employee Center access is required.
    • Ensures that the identity of the requester is verified through an email-based verification code before any request is accepted.
    • Supports region-specific jurisdiction-driven request types and privacy-by-design practices.
    • Smoothens the intake of PDR requests, triggers acknowledgments with PDR numbers, and hands off to privacy agents for fulfillment.

    Configurable privacy rights

    Administrators can configure which privacy rights are available per jurisdiction. The country (and state, where applicable) selected by the requester determines which rights appear on the external-facing PDR form.

    Examples:
    • Right to opt-out: Request to be opted out from sales or targeted marketing.
    • Right to correct: Request correction of inaccurate or incomplete personal data.
    • Right to delete: Request personal data to be erased.
    • Right to know: Request details about the personal data collected and its use.

    Administrators can add additional rights beyond these defaults as needed to meet organizational or regulatory requirements.