Request Wizard State
The DataGrail Wizard allows you to review Data Subjects details on a Privacy Request before you begin processing. You have the ability to assign a Privacy Request to a DataGrail user during any step of the Wizard.
The wizard is broken in to six steps, which are described below. Wizard steps are saved continuously, so you can leave the page at any time, without losing changes.
Some steps in the Wizard may skipped or the Wizard may be skipped entirely depending on your Workflow Automation Settings.
Step 1 - Legal Framework
This step in the wizard allows you to review the Legal Framework (Privacy Request Policy) associated with the request.
Privacy Requests submitted via the Privacy Request Center will automatically be assigned a Privacy Request Policy, based on the detected location of the Data Subject.
To complete this step, confirm or update the Legal Framework and select Next.
The last Legal Framework option will always be Spam. Selecting this option will allow you to deny the request and block the Data Subject Email as spam.
Step 2 - Privacy Right
After assigning the Legal Framework, you will be prompted to review/update the Privacy Right being exercised by the Data Subject. This step will be prepopulated for all requests, except those submitted via Email and Phone.
To complete this step, confirm or update the Privacy Right and select Next.
Step 3 - Relationship
Step 3 allows you to identify your relationship to the Data Subject, either:
- Controller: Controllers control the procedures and purposes of data usage. The controller dictates how and why the data is going to be used. Controllers are the main decision-makers, meaning they are in control by specifying how the data is going to be used by the processor. You exercise overall control in what data to process and why. If the request comes from someone you contact directly like a sales lead or customer – you are a controller.
- Processor: Processors process any data that the controller gives it and acts on instructions. The processor is what the controller chose to use and process the data with. Even 3rd party services for processors don’t own the data that they process or control. This means that the data processor is bound by the instructions given by the controller. If you don't directly contact the requester; one of your customers does – you are a processor.
To complete this step, indicate your relationship to the Data Subject and select Next.
The workflow for Controller and Processor requests is largely the same. Processor requests require a separate email for the Data Subject and Controller. When a request is complete, the results will be sent to the Controller instead of the Data Subject.
Step 4 - Identifiers
This step allows you to review/update identifiers for the Data Subject, which are used to identify PII within your connected Integrations.
Additional identifiers that are automatically retrieved from your Integrations will already be present in this step. Otherwise, identifiers will need to be entered manually.
To complete this step, review and populate primary and secondary identifiers. Then, select Next.
This step additionally allows you to select Send data to a different email, which will send the request results to a separate person. This allows you to treat any request like an Authorized Agent Request.
Step 5 - Confirmation Email
This step allows you to send the Privacy Request Confirmation email to the Data Subject.
It additionally allows you to send the Email Verification email to the Data Subject, for requests that are not already verified. Selecting this option will move the request to Pending Verification after the wizard.
To complete this step, select the desired email option. Then, select Next.
Step 6 - Confirmation Email Review
Step 6 is only available if the confirmation or verification email was selected in Step 5. This option allows you to review the content of the Data Subject Email before it is sent.
To complete this step, review/edit the email. Then, select Send Email. The Wizard is now complete and the request can begin processing.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.