Quickstart Guide
To get started using Request Manager to process Privacy Requests, the following components will need to be configured:
Foundation Connections
Request Manager requires two integrations to support processing Privacy Requests, a Transactional Mailer and a Cloud Storage Bucket.
Transactional Mailer
Persons Needed to Complete Configuration:
- DataGrail user with a role of Connections Manager or Super Admin
- Technical admin from your organization
Email messages are used to communicate with and verify a Data Subject's identity, as well as service the Direct Contact Workflow. A Transactional Mailer is a service that allows DataGrail to send email messages on your behalf, using an address hosted on your domain.
Connecting Your Mailer
The first step in setting up your transactional mailer is to create the API connection with DataGrail:
-
Determine what transactional mailer you already have.
Supported Transactional Mailers
The following Transactional Mailers are supported by DataGrail:
-
Select the Integrations page from DataGrail's side menu.
-
Select Configure New Integration.
-
Search for the mailer you would like to connect and select Configure.
-
Ensure only the Transactional Mailer capability is selected (i.e. do not select “Access” or “Deletion”).
-
Select the View Connection Instructions button and follow the steps to enter the credentials for your mailer.
-
Click Configure Integration.
Mailer Configuration & Deliverability Testing
Once connected, please contact support@datagrail.io with the following information, and we will configure the mailer and test deliverability:
- Sender Email (e.g.
privacyrequests@customer.com) - Sender Name (e.g.
Customer Privacy Requests)
In order for the DataGrail platform to function as intended, it is crucial that the messages sent from your transactional mailer are delivered consistently to your users. For this reason, DataGrail performs a deliverability test when you connect your mailer.
DataGrail will inform you with the status of the deliverability test once your mailer is connected.
Ensuring Successful Deliverability
Since your transactional mailer is sending on behalf of your company (and your domain), it is important emails are properly authenticated to avoid appearing malicious or as spam to recipients. As a result DataGrail recommends customers configure the following:
- Sender Identity: Many transactional mailers, like SendGrid, offer the ability to verify a Sender Identity. This is often required and serves to uphold legitimate sending behavior. Setting this up usually requires domain verification and access to DNS records.
- SPF (Sender Policy Framework): SPF is a form of email authentication that lets you define what mail servers are allowed to send on behalf of your domain. It is highly recommended to configure SPF records for your transactional mailer with your domain to ensure successful deliverability. This will also require access to DNS records.
- DKIM (DomainKeys Identified Mail): DKIM is another form of email authentication that uses a digital signature to verify an email was sent by the authorized owner of a domain. This is also an important step to ensuring that mail sent on your behalf is delivered reliably to your users.
Email Templates
With your mailer successfully configured, you can optionally review/update DataGrail's Email Templates to ensure messages to Data Subjects align with your brand and privacy posture.
Cloud Storage
Persons Needed to Complete Configuration:
- DataGrail user with a role of Connections Manager or Super Admin
- Technical admin from your organization
As a security measure, DataGrail stores data collected for a Privacy Request in a cloud storage bucket that you own and maintain. DataGrail encrypts data at rest and in transit when sending to your storage solution. You can then encrypt the storage instance per your security posture and purge the data as needed.
Supported Cloud Storage Providers
The following Cloud Storage Providers are supported by DataGrail:
Connecting Your Cloud Storage Bucket
To set up your cloud storage bucket, create an API connection with DataGrail:
- Navigate to the Integrations page.
- Select Configure New Integration and search for your desired solution.
- Select View Connection Instructions for specific connection for your solution.
- After inputting the required credentials, ensure only the Privacy Request Storage capability is selected in the left-hand menu (i.e. do not select “Access” or “Deletion”).
- Select Configure Integration.
Cloud Storage FAQ
How much data will be stored in this bucket?
The volume of data stored in your connected bucket is dependent on the number of records obtained for a Data Subject on a Privacy Request. Each Privacy Request will query your connected integrations for PII and return a set of .tsv files, which are generally quite small.
To estimate the volume of data stored, it is helpful to consider the average amount of data returned for a Privacy Request as well as your monthly request volume.
How is data purged from the bucket?
To purge Data Subject PII from your Cloud Storage Solution, we recommend you configure your storage bucket with a retention policy of at least 90 days. This policy will allow your bucket to automatically purge data, after a specified period of time.
If your retention period is too short and purges data before a Privacy Request is complete, it will encounter an error in DataGrail. We recommend configuring a retention period of at least 90 days.
Privacy Request Center
The Privacy Request Center is a page hosted on your domain that allows Data Subjects to submit Privacy Requests to your organization.
Configuring DNS Records
Persons Needed to Complete Configuration:
- Technical admin from your organization
Your organization will need to allow DataGrail to host this form on your domain. By default, the domain used is privacy.yourdomain.com. Please contact your Account Manager, if you would like to use a different address.
Once you have selected your Privacy Domain, DataGrail will create an internal certificate, which, once validated, will allow us to host the form on your domain.
To validate this certificate, your Account Manager will send you two CNAME records, which must be added to your domain. Once these records have been added to your DNS records, please notify your Account Manager, who will complete the setup process for your form.
Request Policies
Persons Needed to Complete Configuration:
- DataGrail user with a role of Request Admin or Super Admin
Privacy Request Policies determine what Privacy Rights are offered to Data Subjects around the globe. DataGrail provides a comprehensive set of policies by default, which cover common legal frameworks from different countries/states.
We recommend reviewing these policies through the Request Policies page to ensure they meet the needs of your organization.
Please email support@datagrail.io if you would like to make any changes.
Customization
Persons Needed to Complete Configuration:
- DataGrail user with a role of Request Admin or Super Admin
With your Privacy Request Center configured on your domain, it's time to make customizations! DataGrail allows you to customize the text throughout the form as well as add custom question questions to collect any necessary data that your organization needs to process a request.
See Customizing The Privacy Request Center for more information on adding custom text and questions.
Integrations
Persons Needed to Complete Configuration:
- DataGrail user with a role of Connections Manager or Super Admin
- Technical admin from your organization
With the infrastructure needed to intake and process Privacy Requests ready to go, it's time to integrate your systems for Request Manager. DataGrail's Integrations support programmatically extracting and deleting Data Subject Information from systems in your organization.
First, the Privacy Team should identify what systems are likely to contain Personally Identifiable Information (PII). DataGrail's Live Data Map, System Detection, and Responsible Data Discovery make this process easy.
With an understanding of where PII lives across your organization, work with the relevant system owners to generate credentials and integrate all systems to DataGrail:
Testing The Privacy Request Workflow
Persons Needed to Complete Configuration:
- DataGrail user with a role of Request Admin or Super Admin
- Technical admin from your organization
With your Foundation Connections configured, Integrations connected, and Privacy Request Center live, it's now time to test the Privacy Request workflow before launching DataGrail!
Testing the workflow ensures you are happy with the Privacy Request Center configuration, your Email Templates, and that your integrations are working as expected. Processing a test request also makes sure your team is enabled on the workflow within DataGrail.
- Create test data in connected systems for an email address owned by your organization. For example, create a Salesforce contact, a Zendesk user, etc. with the email
john.doe@yourcompany.com. - Use this email address to submit a Privacy Request through DataGrail!
- Process this Privacy Request to ensure the expected data is retrieved or deleted.
Once you are satisfied with the workflow and confident you are ready to process requests, work with your Account Manager to discuss a rollout plan for your organization.
Helpful Resources:
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.