Privacy Request Policies Overview

"Privacy Request Policies" refer to the policies and procedures implemented within DataGrail's platform to facilitate and manage privacy requests made by data subjects regarding their personal data. These policies encompass the rules and guidelines that govern how an organization handles various privacy requests, such as data access requests, deletion requests, opt-out preferences, or any other privacy-related inquiries made by consumers or users. DataGrail's platform is designed to streamline and automate the management of these requests, ensuring compliance with regulations such as the GDPR, CPRA, and other global privacy laws. Privacy Request Policies within DataGrail's system help companies define and enforce processes for responding to these requests efficiently, ensuring that individuals' privacy rights are respected and fulfilled.

DataGrail User Roles

Only the following User Roles will have access to Request Policies:

• Super Admin
• Request Admin
• Request Agent

NOTE : Combining any user roles that do not have access to this UI with any of the above user roles that do have access to this functionality will grant a user access to these updates. e.g. If a user had a Live Data Map Admin Role, adding a Super Admin Role to their user record would then allow them access to Request Policies.

Workflow

Request Policies are available by clicking on the Request Manager tab and selecting Request Policies.

From here, Request Policies will appear in a settings page and are available to review only.

On this page, there are three columns that will give a high level overview of the policy and it’s contents:

• Policy
  • Name
• Status
  • Shows if the policy is Active or Inactive and the initial creation date
    of the Policy
• Privacy Rights associated with that Policy

Out of the box, DataGrail sets four default policies for all customers:

• • California Privacy Rights Act (CPRA)
    • US Standard Policy
    • General Data Protection Regulation (GDPR)
    • Global Privacy Rights (GPR)

To add additional policies, please reach out to support@datagrail.io

To view all details of the Policy, the User will click on the policy name. Within the Policy specific page, there are two sections; Policy Settings and About this Policy.

Policy Settings

This section will cover the following information:

• Policy Status
  • Showing if the policy is Active or Inactive and the date it was last Active on
• Internal Name
  • Showing the unique name provided by the User at setup (typically this is just the Policy name)
• External Name
  • Showing the Policy name that the requester will see
• Authorized Agent
  • This allows others to submit a request on the data subject's behalf. They may or may not need documentation proving that they're allowed to represent the data subject
• Verification Method
  • Specified method for verifying a data subject's request before fulfilling it
    • Options include Email and Smart Verification
• Default Privacy Policy
  • The default privacy policy will apply to data subjects who don't meet the criteria of the privacy policies offered

About this Policy

This section will cover the following information:

• Request Duration
  • Amount of time to fulfill the privacy request
• Extension Period
  • Amount of time to extend the deadline of fulfilling a privacy request
• Privacy Rights
  • The request types provided for the specific policy (you can learn more about these here!)
• Locations
  • The locations covered by the specific privacy policy
    • Note : If a policy is globally applied, "Locations" will state "No locations have been set for this policy". Otherwise, "Locations" will be specific to the applicable countries / states.

If you have any questions about this feature, please reach out to your dedicated CSM or support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.