Authorized Agent
There are scenarios where a data subject will require a request to be submitted on their behalf. Generally, this requires a form to be signed by an authorized agent, verified by the data subject, processed, and then reviewed and stored. Within DataGrail, the Authorized Agent Workflow enables authorized agents to submit privacy requests on behalf of data subjects. For reporting, the approval from the data subject is tracked through the authorized agent request workflow available as part of the Request Wizard.
Authorized Agent Workflow
When an authorized agent submits a request via your Privacy Request Form on behalf of a data subject, two separate verification emails are sent via a customers’ transactional mailer: one to the authorized agent who submitted the form and another to the data subject who the authorized agent entered into the form. You can view these emails within the DataGrail admin console by opening the request and scrolling down to the “Emails sent by DataGrail” section.
Below we’ll walk through the verification and approval flow for the authorized agent and data subject.
DataGrail User Roles
Only the following will have access to Authorized Agent functionality:
- Super Admin
- Request Agent
- Request Admin
- Request Approver
Configuring Authorized Agents
Authorized Agent is enabled at the Privacy Request Policy level. To add Authorized Agent to a Request Policy:
- From the left-hand menu, select Request Policies.
- Select the relevant policy.
- Use the Authorized Agent toggle to enable or disable the feature for the locations covered by the policy.
Changes will be saved automatically. Once toggled on, Authorized Agent will only affect requests submitted after the toggle was turned on.
Authorized Agent Verification
After an authorized agent submits a request through your Privacy Request Form, they will receive a verification email requesting them to verify their email address and identity. Below you can see an example of what the authorized agent sees while verifying their email address and identity.
The file upload is limited to a combined size of 10MB and each file must be in one of the following formats: .pdf, .doc, .docx, .png, .jpg, .jpeg, .txt or .rtf
Once the Data Subject and Authorized Agent complete the verification process, you will be able to review the verification documentation in the DataGrail Wizard.
Data Subject Verification
The data subject’s verification flow is simple and ensures that no request is processed without the data subject authorizing the agent to submit a request on their behalf. After a request is submitted by the authorized agent, the data subject will receive a verification email. Below is an example of the email a data subject will receive once an authorized agent submits a request on their behalf.
If the data subject does not authorize the request, it will be closed automatically.
Processing Requests
When the request is in the Pending Wizard state, you can review the answers from the Data Subject as well as the documentation from the Agent before approving the request. If you reject the request, you will have a chance to update the email that is sent out to the data subject about why the request was rejected. If you accept the information they submitted, the request will move to the Extracting Personal Data state.
With Smart Verification and the Authorized Agent workflow, you will be able to confidently process Privacy Requests knowing each request has a verified authorized agent, approval from the data subject, and a review by a member of your team.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.