Email Intake
When your company receives an email at a specified address (e.g., privacy@company.com), forwarding rules can be set up to automatically forward that email to DataGrail, where the message and sender information will be parsed and converted into a privacy request within the Request Queue.
Email Headers
To parse emails, DataGrail’s systems rely on the original email headers (namely from, in-reply-to, and others) to convert an email into a privacy request. The body of an email is also parsed, but can be less reliable.
The details of the email forwarding configuration can have implications for how these email headers are preserved, and whether DataGrail can in fact make any inferences about the request.
How are requests submitted via email verified?
When a data subject submits a privacy request to the DataGrail Intake Form, an email verification message is sent to them automatically to confirm their identity.
On the other hand, when a data subject submits a request via an email, the Pending Verification step will be skipped initially and the request will open in Pending Wizard. This is the default setting for requests submitted via email because the sender likely has access to the email address they sent the request from.
Optionally, an email verification email can be sent, regardless of intake method. To send an email verification to the data subject before the request is processed, you can select the “Verify email” option in Step 6 of the Request Wizard. This will allow you to preview and send a verification email to the data subject. If you are unsure whether this is necessary, speak with your company’s legal team for a recommendation.
If you choose this option, the request will move to Pending Verification and then to Active: Extracting Personal Data once verified by the data subject.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.