Email Intake
When your company receives an email at a specified address (e.g., privacy@company.com), forwarding rules can be set up to automatically forward that email to DataGrail, where the message and sender information will be parsed and converted into a privacy request within the Request Queue.
To parse emails, DataGrail’s systems rely on the original email headers (namely from, in-reply-to, and others) to convert an email into a privacy request. The body of an email is also parsed, but can be less reliable.
The details of the email forwarding configuration can have implications for how these email headers are preserved, and whether DataGrail can in fact make any inferences about the request.
How are requests submitted via email verified?
When a data subject submits a privacy request to the DataGrail Intake Form, an email verification message is sent to them automatically to confirm their identity.
On the other hand, when a data subject submits a request via an email, the Pending Verification step will be skipped initially and the request will open in Pending Wizard. This is the default setting for requests submitted via email because the sender likely has access to the email address they sent the request from.
Optionally, an email verification email can be sent, regardless of intake method. To send an email verification to the data subject before the request is processed, you can select the “Verify email” option in Step 6 of the Request Wizard. This will allow you to preview and send a verification email to the data subject. If you are unsure whether this is necessary, speak with your company’s legal team for a recommendation.
If you choose this option, the request will move to Pending Verification and then to Active: Extracting Personal Data once verified by the data subject.
Configuring Email Forwarding
For DataGrail to automatically parse email requests, you’ll need to forward emails to (hereafter referred to as the intake address):
[your_company_name_here]@emailapi.datagrail.io
In the intake address, [your_company_name_here]
represents the subdomain of your DataGrail URL. If you log in at acme.datagrail.io
, then you’d forward emails to acme@emailapi.datagrail.io
The following are ways that email forwarding can be set up to ensure that the original email headers are preserved. If your email provider isn’t listed below, consult your email administrator or your DataGrail CSM.
G Suite (Gmail)
A G Suite administrator can set up an email group that can be identified by an email address (such as privacy@company.com), and can include the intake address as a member of the group. With an email group, when the privacy@company.com group receives an email, it redirects the message to all members. For instructions on how to set up email intake with an email group, see: Forward Setup - Google Groups.
Note: For email redirection with Google Groups to work, you will need to ensure that you have the following settings set for the group: allow external members checked and who can post set to anyone on the web.
You can also forward your emails directly to the intake address using the following instructions: Forward your emails.
Office 365 (Outlook)
Outlook has a convenient mechanism to preserve email headers by using email redirecting versus forwarding. If you need to, consult your email administrator to confirm which version of Outlook you’re using.
- Outlook Web App - see Redirect all messages to another account
- Outlook on the web
You can also create a distribution group, and include the intake address.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.