Request Actions
On any Privacy Request, three actions are available to manually control its' workflow state or timeline:
Request an Extension
Under the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), businesses have the option to extend the timeline of privacy requests by an additional 60 days (GDPR) or 45 days (CCPA) due to the complexity and number of requests. Businesses are responsible to assess whether they fulfill the conditions to extend compliance with privacy requests.
DataGrail offers the ability to extend timelines per request and to communicate to data subjects about the extension and expected answer to their request.
When reviewing a specific request, the user will need to click 'Request 45-day Extension' (60 days for a GDPR request):
When clicking the extension button, the relevant email template will be displayed giving the option to tailor the content of the email as needed. Once sent, the request timeline will be adjusted in your DataGrail platform:
The ability to extend a request timeline is available on all open requests once they are processed through the Request Manager Wizard. The ability to extend a request timeline is also available on all open requests, whether they are still within the request timeline SLA or not.
DataGrail offers the ability to submit a request extension once per privacy request.
Pause Request Processing
DataGrail allows any Privacy Request in the Wizard state to be paused for the following reasons:
- Internal Discussion
- Legal Hold
- Needs Clarification
- Other
To pause a request, select Actions in the top-right corner of the Wizard and then Pause Request.
After selecting a Pause Reason, the request will move to the Wizard Pause state and will show a banner at the top of the page which indicates the date the request was paused and the pause reason. You can continue working through the wizard while the request is paused.
To unpause the request, just select Resume Request on the right-hand side of this banner.
Close a Request
DataGrail offers 3 options, in the case a Privacy Request needs to be manually closed:
Deny Request
Denying a request allows you to stop processing a request and close it completely with an option to notify the data subject. Currently, you are able to Deny a request in the following Active states:
- Active: Pending Action
- Active: Extracting Identifiers
- Active: Extracting Personal Data
If a Privacy Request is in a valid state, you will see Deny Request as an option in the left-hand menu. Once selected, you will be given the option to Deny and Do Not Send Email or Deny and Send Email. The email to the data subject uses the Privacy Request Denied Email Template by default, but the email body can be customized before being sent.
Once successfully denied, you will see a success prompt indicating that the request has been moved to the Closed by Customer state.
Mark as Nonresponsive
Closing a request as Nonresponsive allows you to stop processing a request and close it with or without an email notification to the data subject. Currently, you are able to close a request as Nonresponsive in the following states:
- Active: Wizard
- Active: Pending Action
Active: Wizard
Within Step 1 of the Request Wizard you have the option to select Nonresponsive. Selecting this option will move forward with marking the request as Nonresponsive.
After selecting Nonresponsive and Next, you will have the option to close without an email or to confirm receipt of the request and close. Once complete, the Privacy Request will move to the Closed: Nonresponsive state.
Pending Action
When a request is in Pending Action you can Mark a request as Nonresponsive and close by selecting the Mark as Nonresponsive option from the left menu.
After selecting the option to mark the request as Nonresponsive, you will be provided the option to close with or without an email to the data subject. Once complete, the Privacy Request will move to the Closed: Nonresponsive state.
Mark as Spam
DataGrail offers a few methods to help address spam requests submitted to your company. Within the DataGrail admin console there are two places to mark a request as spam. Currently, you are able to mark a request as spam in the following Active states:
- Active: Wizard
- Active: Pending Action
Active: Wizard
Requests can be marked as spam during Step 1 of the wizard.
- During Step 1 of the wizard, select Spam.
- Select “Close” and a pop-up will appear providing you with the option to Block and Mark as Spam, which will block this data subject's email address from creating new requests. Alternatively, select Mark as Spam to just mark the request as spam without blocking the email address.
- Select your choice and the current request or requests from that email address will move to a Closed: Spam state.
If you chose to only mark that single request as spam and you receive another request from that email address in the future, DataGrail will surface that it had previously been marked as spam to better inform your decision to block any future requests.
Pending Action
Requests can also be marked as spam from the Pending Action state.
- Select Mark as Spam from the left-hand options.
- A pop-up will appear providing you with the option to Block and Mark as Spam, which will block this data subject's email address from creating new requests. Alternatively, select Mark as Spam to just mark the request as spam without blocking the email address.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.