Pandora’s Handling of Data Subject Rights

Victoria Maria Cura RodriguezVictoria Maria Cura Rodriguez
Written by
Victoria Maria Cura Rodriguez
Peter Gregersen
March 19, 2024


In today’s digital realm, safeguarding and protecting data stands as a significant concern, with data subject rights occupying a central position in privacy regulatory frameworks globally. As a global organization, Pandora places great emphasis on adhering to local privacy laws across multiple jurisdictions. This article delves into how Pandora navigates new and existing local legal frameworks with the support of privacy management tools to confront forthcoming challenges.

Navigating Local Legal Frameworks as a Global Company

For global organizations like Pandora, observing local legal frameworks assumes critical significance. The General Data Protection Regulation (GDPR) serves as Pandora's foundational pillar, supplemented by local frameworks like the California Privacy Rights Act (CPRA), Lei Geral de Proteção de Dados Pessoais (LGPD) in Brazil, and the Personal Data Protection Act (PDPA) in Thailand. These legal frameworks delineate personal data rules and emphasize data subject rights such as access, rectification, and erasure.

Understanding these regulations is vital for entities operating across diverse jurisdictions. While the GDPR primarily concerns itself with the protection of personal data within the European Union, the CPRA extends privacy rights to residents of California, thereby introducing nuances to compliance endeavours. Notably, the CPRA introduces the right to opt-out, empowering individuals to prohibit the sharing of their personal information with third parties. Another example could be the LGDP in Brazil which requires a response time of 15 days as opposed to the one month in the GDPR and 45 days in the CPRA, further complicating the requirements of the technical and organisational setup. 

Privacy Management Tools for Handling Requests

Given these complex regulatory landscapes, efficient management of data subject requests (DSRs) requires standardized procedures for logging and tracking requests, securely storing relevant data, and delivering consistent responses to consumers. Utilizing data privacy platforms can streamline DSR compliance, improving operational efficiency and legal compliance.

Pandora utilizes a popular privacy management tool to handle DSRs, meticulously documenting and tracking requests by jurisdiction and ensuring timely responses. A well-documented process for handling DSRs is essential, enabling systematic and comprehensive responses within legal deadlines.

Future Challenges and Opportunities

Looking ahead, organisations must proactively anticipate and address emerging challenges in data subject rights management. Automation and data classification are key areas for innovation, streamlining operational processes, and enhancing compliance with new and evolving regulations.

Pandora's user-friendly submission interfaces facilitate quick request lodging, while automated verification and proactive notifications keep data subjects informed and compliant. Leveraging advanced data classification methods will optimize resource allocation and mitigate risks, demonstrating Pandora's commitment to data protection and privacy. 


As the era of data subject empowerment unfolds, businesses must navigate complex data protection landscapes with confidence and integrity. By using the GDPR as the main pillar and adapting to local privacy regulations, global companies like Pandora can honour data subject rights and build consumer trust by using user-friendly privacy management tools with clear governance and scalability at heart.

Share this article: