GDPR and erasure
What consent Dossia records, how the one-click erasure flow works, and how to handle a client's data request.
Dossia is built so you can answer a client's data-protection request without involving a developer. This page covers the two pillars: consent records and the erasure flow.
Consent records
Dossia records consent at two moments:
| Who | When | What is recorded |
|---|---|---|
| Your client | On their first visit to the upload portal | Acceptance of the consent notice, with timestamp, IP address, and the version of the terms they accepted |
| You (the broker) | At account creation | Your acceptance of the terms, stamped on your account |
Clients cannot upload anything before accepting the notice — so every file in Dossia is backed by a recorded consent.
Erasing a client (Art. 17)
When a client asks you to delete their data, use the Erase action on the Clients page. A confirmation dialog explains exactly what will happen:
This permanently deletes {name} and ALL their data — every document request, uploaded file, and their consent record. It fulfils a GDPR erasure request (Art. 17) and cannot be undone.
To confirm, you must type the client's name exactly. This prevents accidental deletions — there is no undo.
What gets deleted
| Data | Effect |
|---|---|
| The client record | Removed |
| All cases and document requests | Removed (cascade) |
| All document rows | Removed (cascade) |
| All uploaded files in storage | Permanently deleted |
| The consent record | Removed |
What remains
The deletion itself is stamped in the audit log. This gives you proof that the erasure was carried out and when — without retaining any of the client's personal data.
Handling a client's data request
A practical sequence when a client invokes their GDPR rights:
- Verify the requester. Make sure the request really comes from the client (for example, from the email address on their record).
- Access requests: open the client's cases to see what you hold — their details, the documents requested, and the files uploaded.
- Erasure requests: use the Erase action as described above. The cascade covers everything Dossia holds about them, including storage files.
- Keep your own house in order. Erasure removes data from Dossia; if you have downloaded copies of their documents elsewhere, deleting those is your responsibility.
Note: Rejecting a document during normal review also deletes that file from storage immediately — so files you have refused are never silently retained.
For the broader picture of where data lives and how it is protected, see Security and data protection.