D&B provides a web-based portal where individuals can submit requests to access, correct, or delete their personal data held by D&B entities, covering both personal and professional data.
This analysis describes what Dun & Bradstreet's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
The existence of a rights portal is the primary mechanism through which individuals can discover and control what data D&B holds about them, particularly relevant given D&B's data broker status and the likelihood that many individuals are unaware their data is held.
Interpretive note: The document does not specify response timelines, the scope of data covered across all three registered data broker entities, or the identity verification process, creating uncertainty about the practical effectiveness of the rights mechanism.
Individuals can submit data access, correction, or deletion requests via D&B's TrustArc-hosted portal, which applies to both personal and professional data held by D&B. The practical scope of which rights are available may vary by jurisdiction, as GDPR, CCPA, and other frameworks confer different and not always identical rights.
Cross-platform context
See how other platforms handle Individual Data Subject Rights Portal and similar clauses.
Compare across platforms →Monitoring
Dun & Bradstreet has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We are committed to respecting the data and digital rights of individuals in both their personal and professional capacities as set forth in our Global Data Subject Rights Policy Statement. You may exercise your rights in connection with our data processing here.— Excerpt from Dun & Bradstreet's D&B Privacy Policy
REGULATORY LANDSCAPE: The data subject rights framework engages GDPR Articles 15-22 (rights of access, rectification, erasure, restriction, portability, and objection), CCPA/CPRA rights to know, delete, and correct, and equivalent rights under the UK GDPR, Swiss FADP, and other applicable national laws. The TrustArc platform as the operational mechanism for rights fulfillment means D&B has engaged a third-party consent and rights management processor, which itself introduces a sub-processor relationship subject to data processing agreement requirements. GOVERNANCE EXPOSURE: Medium. The rights portal commitment is positive from a transparency standpoint, but the adequacy of response timelines, identity verification processes, and the scope of data covered (across all three registered data broker entities) is not detailed in this document. GDPR requires responses within 30 days; CCPA requires responses within 45 days with a possible 45-day extension. JURISDICTION FLAGS: EU and UK data subjects have the strongest enforceable rights framework, including the right to object to processing on legitimate interests grounds and the right to lodge complaints with supervisory authorities. California residents have CCPA/CPRA rights that may be more operationally straightforward to enforce. Rights available to individuals in jurisdictions without comprehensive privacy laws (e.g., most U.S. states outside California, Colorado, Virginia, Texas) depend on D&B's voluntary commitments under this statement. CONTRACT AND VENDOR IMPLICATIONS: Organizations that have provided D&B with employee or customer data through data licensing or API integrations should assess whether their vendor agreements with D&B address downstream data subject rights fulfillment obligations, including who is responsible for responding to deletion requests that flow through the organization's own privacy mechanisms. COMPLIANCE CONSIDERATIONS: Compliance teams should verify that D&B's TrustArc sub-processor arrangement is covered under an appropriate data processing agreement and that D&B's response to rights requests includes data held by Eyeota and NetWise entities. Teams should also confirm whether the portal's geographic scope covers all jurisdictions in which their employees or customers may be located.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
The existence of a rights portal is the primary mechanism through which individuals can discover and control what data D&B holds about them, particularly relevant given D&B's data broker status and the likelihood that many individuals are unaware their data is held.
Individuals can submit data access, correction, or deletion requests via D&B's TrustArc-hosted portal, which applies to both personal and professional data held by D&B. The practical scope of which rights are available may vary by jurisdiction, as GDPR, CCPA, and other frameworks confer different and not always identical rights.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Dun & Bradstreet.