Skip to main content

Quickstart

This guide walks your engineering team through the full Data Broker Compliance implementation — from connecting your systems to receiving your first DROP deletion request. Complete each step in order before moving to the next.

Prerequisites

Before starting, ensure your privacy team has:

  • Reviewed the Overview and identified all in-scope systems
  • A DataGrail account with Super Admin or Connections Manager access
  • Credentials for each system you are connecting

Connect Your In-Scope Systems

Data Broker Compliance uses the same integration framework as Request Manager. If your in-scope systems are already connected to DataGrail for privacy request processing, you may only need to enable the DROP Compliance capability on those existing integrations.

Enable DROP Compliance on an Existing Integration

If a system is already connected to DataGrail:

  1. Navigate to Integrations in the left sidebar.
  2. Select the integration you want to enable for DROP Compliance.
  3. In the integration settings, locate Enabled Capabilities.
  4. Enable the DROP Compliance capability.
  5. Select Save Changes.

Connect a New Integration

If a system is not yet connected to DataGrail:

  1. Navigate to Integrations in the left sidebar.
  2. Select Configure New Integration and search for the system you want to connect.
  3. Select Configure and enter an Integration Name.
  4. Under Enabled Capabilities, enable DROP Compliance.
  5. Follow the integration-specific connection instructions to enter credentials and complete the setup.
  6. Select Save to connect the integration.
Internal Systems

If your in-scope system is a first-party data store not available in the DataGrail integration catalog, you can connect it using an Internal Systems Integration. Contact support@datagrail.io to scope the right approach for custom or proprietary data stores.

Choose a Deletion Dispatch Method

When DataGrail finds a match in the DROP registry, it needs to notify your systems to perform the deletion. Choose the dispatch method that best fits your infrastructure.

MethodHow it worksBest for
WebhookDataGrail POSTs to a URL you configureTeams with existing webhook infrastructure
PollingYour agent regularly pulls pending deletion requests from DataGrail to meet the 45-day SLATeams that prefer outbound-only network patterns
ISI (Internal Systems Integration)DataGrail calls your hosted API directlyTeams that already have an ISI API or want full control over deletion logic

See API Reference for the full technical specification for each dispatch method.

Configure Identifier Types

Select the DROP list types that match the personal information your in-scope systems hold. DataGrail subscribes to DROP registry lists on your behalf based on your selections.

  1. Navigate to DROP Compliance in the left sidebar.
  2. Select the List Selections tab.
  3. Toggle on each identifier type that matches personal information held in your connected systems.
  4. Select Save.

See Identifier Configuration for the full list of available identifier types and guidance on which to select.

Deliver Consumer Identifiers

Before DataGrail can match DROP registry deletion requests against your data, you need to deliver your consumer identifiers to DataGrail via cloud storage.

DataGrail recommends the pre-hashed ingestion path — you apply the DROP standardization and hashing rules before sending, and DataGrail stores and matches the hashes directly. This ensures raw PII never leaves your environment.

To set up your ingestion pipeline:

  1. Create a cloud storage bucket (AWS S3, GCS, or Azure Blob Storage) or dedicate a prefix in an existing bucket.
  2. Grant DataGrail read-only access to the prefix.
  3. Configure the bucket and prefix in DataGrail under DROP Compliance > Settings.
  4. Produce your first NDJSON file of consumer identifiers following the Ingestion Format specification.
  5. Write a manifest.json referencing the file and upload both to your bucket.

DataGrail will automatically pick up the manifest within 15 minutes and begin ingesting your identifiers.

Pre-Hashed vs. Clear

If you choose pre-hashed ingestion, read Hashing Algorithm carefully before building your pipeline. Your hashes must exactly match the DROP standardization rules for identity matching to work.:::

Implement Your Dispatch Endpoint

Based on the dispatch method you chose in Step 2, implement the appropriate endpoint or agent before go-live.

  • Webhook: Set up a receiver endpoint at the URL you'll configure in DataGrail. Implement signature verification and return 2xx on receipt.
  • Polling: Build a scheduled agent that calls DataGrail's GET /pending_work endpoint and posts outcome callbacks.
  • ISI: Implement the /api/v1/privacy/drop/delete and (if needed) /api/v2/privacy/drop/identifiers endpoints on your hosted API.

Refer to API Reference for the full request/response specifications.

Test End-to-End

Before going live, run at least one full test deletion request to verify the entire pipeline is working correctly.

See Testing & Validation for the complete testing checklist and common troubleshooting steps.

Once testing passes, DataGrail will begin monitoring the DROP registry and processing deletion requests on your behalf automatically. DROP requests will appear in your Request Manager queue alongside all other privacy requests.

For ongoing monitoring, use the Audit Log & Reporting to track deletion status and 45-day SLA compliance.

 

Need help?
If you have any questions, please reach out to your dedicated Account Manager or contact us at support@datagrail.io.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.