Pending Action State

The Pending Action is the final opportunity for Privacy Managers to review a request before data is deleted or results are sent to the Data Subject.

The following steps should be taken for any request that enters the Pending Action workflow state:

1. Review and edit retrieved data and deselect any integrations or data files that you do not want deleted or sent to the Data Subject.
2. Upload any Miscellaneous Data Files that exist outside of your connected integrations. (Optional)
3. Allow Approvers to review and approve any integrations assigned to them. (Optional)
4. Select Process Request and review the final email notification to the Data Subject.

Editing Data Files

DataGrail allows you to modify retrieved data files and to exclude records from access or deletion requests before completing the processing step. Typically you'd do this because:

• You want to redact certain pieces of information sent to a data subject that may include PII unrelated to them (such as an agent name in a support chat conversation).
• You want to remove information from the retrieved data that is not relevant to the request (such as metadata relating specific to the integration).

Access, Access Categories, Transfer, and Update Inaccuracies Requests

Once a request has queried connected integrations for PII in the Extracting Personal Data state, you can inspect the retrieved data and edit it before submission to the data subject.

Some files, like .tsv entries, can be directly edited in the processing user interface. Simply select the field you wish to edit, and update it accordingly.

You can also delete the entire row from the file by clicking the trash icon.

Any changes to files within the request are documented in the Activity Log at the bottom of the page, including any new file uploads and the removal of files from the information packet.

Deletion and Object to Processing Requests

On a deletion request, you can exclude individual files from deletion using the checkboxes next to each file:

Records that are checked will be deleted when the privacy request is processed and records that are unchecked will be skipped and not deleted. Individual fields within those records cannot be removed or changed on a deletion request.

Uploading Data Files

The Miscellaneous Files item in the Integrations List for Access, Access Categories, Transfer, and Update Inaccuracies Privacy Request types, allows internal users to upload data directly in DataGrail for requests in the Pending Action state.

This functionality is useful for returning additional files to the data subject that may live outside of your set of integrations with DataGrail. You may also want to upload files to this section when new data is created for the data subject after the Extracting Personal Data state has been completed.

This functionality is available for the following user roles: Super Admin, Request Admin, and Request Agent

Uploading data to the Miscellaneous Data Files section is simple:

1. Select the three dots on the right side of the Miscellaneous Files section on any Access Request in the Extracting Personal Data or Pending Action state.
2. Select Upload Files.
3. Select the relevant data files from your device (you may select multiple files at once).
4. You will see a Files Uploaded successfully banner at the top of the page once the upload is complete.
5. To view all manually uploaded files, select View on the right side of the Miscellaneous Files section.

Once complete, all manually uploaded files will be included in the Access Requests Results package sent to the Data Subject after you select Process Request.

File Types and Limits

Allowed File Types: .tsv, .csv, .json, .png, .pdf, .txt, .xml, .xls, .xlsx, .zip

Total Combined Upload Limit: 200MB