Request Manager Features
This section will show you how to get around the Request Manager tools on your DataGrail account.
Data Subject Requests
Someone who makes a privacy request regarding the data held and used by your company is referred to as a Data Subject. In this section of Request Manager, you can manage these requests through their lifecycle, at different levels of scale, using various levels of automation.
In the Request Queue, you will be able to view and sort all requests, current and past, as well as search and perform bulk actions. Going a level deeper, you can view and take action on individual requests with a great amount of detail.
See the Request Queue Knowledge Base Article for info on searching, filtering, and creating requests in the queue.
Before these requests can be processed and completed, they will need to enter the Request Queue, by means of intake. Request Manager can support requests from several different intake sources.
Request Intake
Privacy Requests can reach your company through different channels. DataGrail helps automate requests from the following sources:
Wizard
Once a request has been received, the first stop is the Request Manager Wizard. This multi-step tool allows you to view, edit, and confirm the information that was submitted. If the information is incorrect or insufficient, the request can be denied or marked as spam.
This is also the part of the workflow where requests will pause and wait for Email Verification or Smart Verification of a data subject’s or Authorized Agent’s identity to complete, if required.
The steps of the Wizard can be held for user review or defaulted with Request Wizard Automation, which can be very useful for high-volume request processing.
Request Queue
Once a request has been made, the data subject’s identity has been verified, and their information reviewed and confirmed, it’s time to take action – requests will move through phases of data extraction, team review, and data deletion. This process can be monitored and managed from the queue, as well as customized with the Workflow Automation feature.
From the Request Queue you can take bulk actions, deny requests, or extend request deadlines. Once the request has begun processing, the systems that you have integrated with DataGrail, also known as Third-Party Integrations, will fetch or delete the target PII.
The status of each integration is displayed in a table on the individual Data Subject Request pages (Integrations Statuses). Once all integrations have completed, the results will be ready to deliver to the requester.
Privacy Request Results
After a request has been processed the results will be communicated to the data subject.
-
In the case of an Access Request, the results of their inquiry will be emailed in the form of a secure download link.
-
Deletion requests result in a confirmation email, informing the data subject that their request has been fulfilled. This confirmation email and other automated emails can be customized by editing DataGrail's Email Templates.
From here, the Privacy Request will move into a closed state, remaining in the list of requests indefinitely, as record of the outcome. Completed or closed requests can be filtered out of the Request Queue view.
Do Not Sell or Share
Also known as Opt-Out Requests, Do Not Sell or Share requests are slightly different from Privacy Requests. These requests can be submitted via the DataGrail Opt-Out Form or created manually within Request Manager.
In addition to deactivating trackers and scripts for individual visitors on your website alongside DataGrail’s Consent Management Platform, Opt-Out Requests offer methods for data subjects to refuse the sale of their personal data and unsubscribe from email and notification lists.
Processed in a separate queue from Privacy Requests, Opt-Out Requests operate with their own set of deadlines and interactions with connected API integrations. When you visit this section of Request Manager you will see the Do Not Sell or Share Request Details View, which gives you a view into the Opt-Out Requests and control over their processing.
Request Policies
This section of Request Manager catalogs the Privacy Request Policies that are honored by your company. Privacy Policies are usually to be mandated by an area of residence (State, Country) of the data subject making a request.
The Privacy Rights that each policy offers to the residents of its scope are determined by the laws and regulations of the governing bodies. Request Manager uses geolocation to determine which policy to offer a data subject.
In addition to the locations and Privacy Rights, this tool allows you to view the duration, verification method, and other details about each individual policy.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.