Manual Actions
On any Privacy Request, actions are available to manually control its workflow state or timeline:
- Mark as Spam
- Mark as Verified
- Request an Extension
- Pause Request Processing
- Close a Request
- Skip Final Email to Data Subject
- Resend Download Link
Mark as Spam
DataGrail offers a few methods to help address spam requests submitted to your company. Within the DataGrail admin console there are two places to mark a request as spam. Currently, you are able to mark a request as spam in the following Active states:
- Active: Wizard
- Active: Pending Action
To mark a request as spam:
- During Step 1 of the wizard, select Spam.
-
Alternatively, from the Pending Action state, select Mark as Spam from the left-hand options.
-
Select Close and a pop-up will appear providing you with the option to Block and Mark as Spam, which will block this data subject's email address from creating new requests.
Just select Mark as Spam to mark the request as spam without blocking the email address.
-
Select your choice and the current request or requests from that email address will move to a Closed: Spam state.
If you chose to only mark that single request as spam and you receive another request from that email address in the future, DataGrail will surface that it had previously been marked as spam to better inform your decision to block any future requests.
Mark as Verified
If you have verified the Data Subject Email outside of DataGrail, you can manually mark the request as verified in DataGrail.
Taking this action will move the request past the Verifying Email state and will leave a log with a timestamp and the name of the person who took the action. This action cannot be undone.
-
On a Privacy Request in the Verifying Email state, select the Mark as Verified button in the left-hand sidebar.
-
Alternatively, from the Data Subject Requests page, bulk select relevant requests using the checkboxes and select Mark as Verified at the top of the page.
Request an Extension
Under the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), businesses have the option to extend the timeline of privacy requests by an additional 60 days (GDPR) or 45 days (CCPA) due to the complexity and number of requests.
Businesses are responsible to assess whether they fulfill the conditions to extend compliance with privacy requests.
DataGrail allows requests to be extended once, regardless of workflow state:
- Open the relevant Privacy Request and select Request 45-day Extension.
- Review the email notification to the Data Subject. The Extend Request Deadline Email Template is used by default.
- Select Send Message to extend the timeline and notify the Data Subject.
Pause Request Processing
DataGrail allows any Privacy Request in the Wizard state to be paused for the following reasons:
- Internal Discussion
- Legal Hold
- Needs Clarification
- Other
To pause a request:
- Select Actions in the top-right corner of the Wizard and then Pause Request.
- After selecting a Pause Reason, the request will move to the Wizard Pause state and will show a banner at the top of the page which indicates the date the request was paused and the pause reason. You can continue working through the wizard while the request is paused.
- To unpause the request, just select Resume Request on the right-hand side of this banner.
Close a Request
DataGrail offers the ability to manually close a request in the following Active states:
- Active: Wizard
- Active: Extracting Identifiers
- Active: Extracting Personal Data
- Active: Pending Action
If a Privacy Request is in a valid state, you will see Close Request as an option in the left-hand menu and when making bulk selections on the Data Subject Requests page.
- After selecting Close Request, choose a Close Reason, which will be annotated on the request once closed. The reason you choose does not impact how the request is closed.
-
To close the request without notifying the Data Subject, select Close Request.
-
Alternatively, select Close and Compose Email to notify the Data Subject that their request was closed.
The email to the data subject uses the Privacy Request Denied Email Template by default, but the email body can be customized before being sent.
-
Once successfully denied, you will see a success prompt indicating that the request has been moved to the Closed by Customer state.
Closing a request is permanent and cannot be undone. If integrations are currently processing, the processes may finish executing after the ticket has been closed.
Skip Final Email to Data Subject
There are some cases where you may not want to notify the Data Subject after a Privacy Request is complete. Final Email Notifications that can be suppressed include the following:
- Access Categories Request Results
- Access Request Results
- Access Request Results - No Data Found
- Deletion Request Results
- Object to Processing Request Results
- Rectification (Data Correction) Request Results
- Third Party Disclosure Request Results
To suppress the final notification email on a Privacy Request, use the Send final email to data subject toggle.
The skip_results_email flag on the Create a Privacy Request API Endpoint will allow you to set this email to be skipped at the time a Privacy Request is created.
Resend Download Link
By default, the download link to Access Request Results expires in 7 days and can only be used once.
You have the ability to send a new download link to the Data Subject for Privacy Requests in the following states:
- Closed: Requester Downloaded
- Closed: Requester Didn't Download
Data files can only be resent if they still exist in your Cloud Storage Bucket. Most buckets are configured with a retention policy, which will destroy data files after a certain number of days.
If the data files for a Privacy Request no longer exist in the bucket, the Resend Download Link action will fail.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.