Control Buttons: Use the controls on the right to zoom, reset, or fit to screen
Zoom: 100%
Loading diagram...
flowchart TD
Start([System Start]) --> DP[Data Principal]
%% Registration Flow
DP --> RegChoice{Choose Registration Type}
RegChoice -->|Vendor| VendorForm[Vendor Registration Form]
RegChoice -->|Customer| CustomerForm[Customer Registration Form]
RegChoice -->|Employee| EmployeeForm[Employee Registration Form]
RegChoice -->|Candidate| CandidateForm[Candidate Registration Form]
RegChoice -->|Visitor| VisitorForm[Visitor Registration Form]
VendorForm --> Consent1[Consent Checkbox Mandatory]
CustomerForm --> Consent2[Consent Checkbox Mandatory]
EmployeeForm --> Consent3[Consent Checkbox Mandatory]
CandidateForm --> Consent4[Consent Checkbox Mandatory]
VisitorForm --> Consent5[Consent Checkbox Mandatory]
Consent1 --> Submit1[Submit Form]
Consent2 --> Submit2[Submit Form]
Consent3 --> Submit3[Submit Form]
Consent4 --> Submit4[Submit Form]
Consent5 --> Submit5[Submit Form]
Submit1 --> RecordConsent1[Record Consent IP, Device, Timestamp]
Submit2 --> RecordConsent2[Record Consent IP, Device, Timestamp]
Submit3 --> RecordConsent3[Record Consent IP, Device, Timestamp]
Submit4 --> RecordConsent4[Record Consent IP, Device, Timestamp]
Submit5 --> RecordConsent5[Record Consent IP, Device, Timestamp]
RecordConsent1 --> SaveDB1[Save to Database Status: pending_approval]
RecordConsent2 --> SaveDB2[Save to Database Status: pending_approval]
RecordConsent3 --> SaveDB3[Save to Database Status: pending_approval]
RecordConsent4 --> SaveDB4[Save to Database Status: pending_approval]
RecordConsent5 --> SaveDB5[Save to Database Status: pending_approval]
SaveDB1 --> NotifyApprovers1[Email Notification to Approvers]
SaveDB2 --> NotifyApprovers2[Email Notification to Approvers]
SaveDB3 --> NotifyApprovers3[Email Notification to Approvers]
SaveDB4 --> NotifyApprovers4[Email Notification to Approvers]
SaveDB5 --> NotifyApprovers5[Email Notification to Approvers]
NotifyApprovers1 --> ApprovalDash[Registration Approval Dashboard]
NotifyApprovers2 --> ApprovalDash
NotifyApprovers3 --> ApprovalDash
NotifyApprovers4 --> ApprovalDash
NotifyApprovers5 --> ApprovalDash
%% DBA Review Workflow (Admin/DPO assigns before final decision)
ApprovalDash --> AssignDBA[Admin/DPO Assign to DBA User Email or Teams Notification]
AssignDBA --> DBAReview[DBA Reviews Assigned Registration View Details + Give Go-Ahead]
DBAReview --> DBAComplete[DBA Go-Ahead Recorded dba_review_status: completed]
%% Approval Workflow
ApprovalDash --> ViewDetails[View Details Button]
ViewDetails --> ShowData[Display Registration Data + Change History if Modified]
DBAComplete --> DPOAction{DPO/Admin Final Action Blocked while DBA review pending}
ApprovalDash --> DPOAction
DPOAction -->|Approve| Approve[Approve Record]
DPOAction -->|Reject| Reject[Reject Record Final State]
DPOAction -->|Return| Return[Return for Changes + Comments]
Approve --> UpdateStatus1[Status: approved]
Reject --> UpdateStatus2[Status: rejected]
Return --> UpdateStatus3[Status: returned]
UpdateStatus3 --> GenModToken[Generate Modification Token 7-day validity]
GenModToken --> EmailDP[Email to DP with Modification Link]
EmailDP --> DPModify[DP Clicks Link]
DPModify --> PrefillForm[Form Pre-filled with Existing Data]
PrefillForm --> LockFields[Lock Critical Fields registered_name, entity_type, etc.]
LockFields --> DPEdits[DP Makes Changes]
DPEdits --> SubmitModify[Submit Modifications]
SubmitModify --> TrackChanges[Track Changes Old vs New Values]
TrackChanges --> AuditLog1[Create Audit Log DATA_MODIFICATION_SUBMITTED]
AuditLog1 --> UpdateDB[Update Database Status: pending_approval]
UpdateDB --> NotifyApproversMod[Email Notification to Approvers]
NotifyApproversMod --> ApprovalDash
UpdateStatus1 --> EnableDownload[Enable Download Button DPO/Admin + Assigned DBA]
EnableDownload --> ExcelExport[Export to Excel Registration Data + Files]
%% Data Subject Rights Flow
DP --> TicketPortal[Ticket Portal Data Subject Rights]
TicketPortal --> VerifyStep1[Step 1: Identity Verification Email/Phone + Entity Name]
VerifyStep1 --> CheckDB[Check Database Match Credentials]
CheckDB -->|Match Found| OTPGen[Generate OTP 6-digit code]
CheckDB -->|No Match| ErrorMsg[Error: No Match Found]
OTPGen --> SendOTP[Send OTP Email to Requestor Email]
SendOTP --> OTPStep2[Step 2: OTP Verification]
OTPStep2 --> VerifyOTP{OTP Valid?}
VerifyOTP -->|Valid| RequestType[Step 3: Select Request Type]
VerifyOTP -->|Invalid| OTPError[OTP Error Retry]
RequestType --> AccessReq[Access My Data]
RequestType --> ExportReq[Export My Data]
RequestType --> ModifyReq[Modify My Data]
RequestType --> DeleteReq[Delete My Data]
RequestType --> ObjectReq[Object to Processing]
RequestType --> RestrictReq[Restrict Processing]
%% Access/Export Flow
AccessReq --> CreateTicket1[Create Ticket Request Type: access]
ExportReq --> CreateTicket2[Create Ticket Request Type: portability]
CreateTicket1 --> GenDownloadLink[Generate Secure Download Link]
CreateTicket2 --> GenDownloadLink
GenDownloadLink --> FetchAllData[Fetch All Data Registration + Consent + Requests]
FetchAllData --> CreateExcel[Create Excel File Multiple Sheets]
CreateExcel --> EmailDownload[Email Download Link to Requestor Email]
EmailDownload --> DPDownload[DP Clicks Link]
DPDownload --> DownloadExcel[Download Excel with All Data + Attachments]
%% Modify Flow (from Ticket Portal)
ModifyReq --> CreateTicket3[Create Ticket Request Type: rectification]
CreateTicket3 --> FetchModData[Fetch Registration Data Based on Verified Credentials]
FetchModData --> StoreSession[Store in SessionStorage]
StoreSession --> RedirectForm[Redirect to Form ?modify=true]
RedirectForm --> PrefillForm
%% Delete Flow
DeleteReq --> CreateTicket4[Create Ticket Request Type: erasure]
CreateTicket4 --> TicketDash[Ticket Dashboard]
TicketDash --> ViewTicket[View Ticket Details]
ViewTicket --> AssignTicket[Assign to Stakeholder Email + MS Teams Notification]
AssignTicket --> StakeholderDash[Stakeholder Dashboard View Assigned Tickets]
TicketDash --> AcknowledgeDelete[Acknowledge Deletion Email to Requestor]
TicketDash --> ApproveDelete[Approve Deletion]
ApproveDelete --> NotifyStakeholders[Notify Stakeholders Remove from Other Systems]
ApproveDelete --> MasterDataUpdate[Master Data Update Button]
MasterDataUpdate --> ClearDB[Clear from DPDPA DB]
ClearDB --> ConfirmEmail[Confirmation Email to Requestor]
%% Object/Restrict Flow
ObjectReq --> CreateTicket5[Create Ticket Request Type: objection + Mandatory Notes]
RestrictReq --> CreateTicket6[Create Ticket Request Type: restriction + Mandatory Notes]
CreateTicket5 --> TicketDash
CreateTicket6 --> TicketDash
TicketDash --> AcknowledgeObjRest[Acknowledge Request + Response Email]
AcknowledgeObjRest --> TagRecord[Tag Registration Object/Restrict Status]
%% Styling
classDef registrationForm fill:#e0f2fe,stroke:#0369a1,stroke-width:2px
classDef consent fill:#fef3c7,stroke:#d97706,stroke-width:2px
classDef approval fill:#d1fae5,stroke:#059669,stroke-width:2px
classDef modification fill:#fef3c7,stroke:#f59e0b,stroke-width:3px
classDef ticket fill:#fce7f3,stroke:#be185d,stroke-width:2px
classDef database fill:#e9d5ff,stroke:#7c3aed,stroke-width:2px
classDef email fill:#dbeafe,stroke:#2563eb,stroke-width:2px
class VendorForm,CustomerForm,EmployeeForm,CandidateForm,VisitorForm registrationForm
class Consent1,Consent2,Consent3,Consent4,Consent5,RecordConsent1,RecordConsent2,RecordConsent3,RecordConsent4,RecordConsent5 consent
class ApprovalDash,Approve,ViewDetails,ShowData,DPOAction approval
class AssignDBA,DBAReview,DBAComplete fill:#bfdbfe,stroke:#2563eb,stroke-width:2px
class DPModify,PrefillForm,LockFields,DPEdits,SubmitModify,TrackChanges,UpdateDB,GenModToken modification
class TicketPortal,VerifyStep1,OTPGen,OTPStep2,RequestType,CreateTicket1,CreateTicket2,CreateTicket3,CreateTicket4,CreateTicket5,CreateTicket6,TicketDash ticket
class SaveDB1,SaveDB2,SaveDB3,SaveDB4,SaveDB5,CheckDB,AuditLog1,ClearDB database
class NotifyApprovers1,NotifyApprovers2,NotifyApprovers3,NotifyApprovers4,NotifyApprovers5,EmailDP,EmailDownload,NotifyStakeholders,ConfirmEmail email
📋 Key Process Flows
Registration Flow: DP fills form → Consent recorded → Data saved → Email to approvers → Appears on Registration Approval Dashboard
DBA Review Flow: Admin/DPO assigns registration to a DBA user → DBA notified (Teams or email) → DBA views details and gives go-ahead → DPO/Admin can then Approve/Reject/Return
Approval Flow: DPO/Admin views details → Approve/Reject/Return (blocked while DBA review is pending if assigned) → Status updated → Notifications sent
Modification Flow: DPO/Admin returns record → DP receives email with link → Form pre-filled → DP edits → Changes tracked → Back to approval
Data Subject Rights: DP verifies identity → OTP verification → Selects request type → Ticket created → Processed by DPO/Admin on Ticket Dashboard
Access/Export: Secure download link generated → Excel file created → Email sent to requestor
Delete Request: Ticket created → Assigned to stakeholder → Approved → Master data update → Confirmation sent
🔐 Security & Compliance Features
Mandatory consent collection with IP, device, and timestamp
Mandatory browser GPS for staff login on production (Admin, DPO, Compliance Officer, Auditor)
OTP-based identity verification for rights requests