Skip to main content

Email Intake

How does email intake work?

When a customer receives an email at a specified address (e.g., privacy@company.com), this can be forwarded to DataGrail to be automatically parsed and create a privacy request within the platform. DataGrail’s systems will make a best effort to determine who the requester (data subject) is, and may additionally provide additional context that can help process a request, including surfacing whether it can be spam.

As is generally the case, these requests will be easy to review to ensure that the requester’s information was captured accurately.

Email Headers

To parse emails, DataGrail’s systems rely on the original email headers (namely from, in-reply-to, and others) to process these requests. The body of an email is also parsed, but can be less reliable.

The way email forwarding is set up can have implications for how these email headers are preserved, and whether DataGrail can in fact make any inferences about the request.

How are requests submitted via email verified?

To ensure the identity of the data subject, an email verification message is sent to them automatically after a request is submitted via the privacy request intake form. On the other hand, when a data subject submits a request via an email, the Pending Verification step will be skipped initially and the request will open in Pending Wizard. A request submitted via email flows this way because the sender likely has access to the email address they sent the request from, but an optional email verification email can be sent from the request wizard.

To send an email verification to the data subject before the request is processed, you can select the “Verify email” option in Step 6 of the Request Wizard. This will allow you to preview and send a verification email to the data subject. If you are unsure whether this is necessary, speak with your company’s legal team for a recommendation.

Screen_Shot_2022-02-03_at_10.38.29_AM.png

If you choose this option, the request will move to Pending Verification and then to Active: Extracting Personal Data once verified by the data subject.

Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.