Privacy Request Policies
"Privacy Request Policies" refer to the policies and procedures implemented within DataGrail's platform to facilitate and manage privacy requests made by data subjects regarding their personal data. These policies encompass the rules and guidelines that govern how an organization handles various privacy requests, such as data access requests, deletion requests, opt-out preferences, or any other privacy-related inquiries made by consumers or users.
DataGrail's platform is designed to streamline and automate the management of these requests, ensuring compliance with regulations such as the GDPR, CPRA, and other global privacy laws. Privacy Request Policies within DataGrail's system help companies define and enforce processes for responding to these requests efficiently, ensuring that individuals' privacy rights are respected and fulfilled.
DataGrail User Roles
Only the following User Roles will have access to Request Policies:
- Super Admin
- Request Admin
- Request Agent
Combining any user roles that do not have access to this UI with any of the above user roles that do have access to this functionality will grant a user access to these updates. e.g. If a user had a Live Data Map Admin Role, adding a Super Admin Role to their user record would then allow them access to Request Policies.
Request Policies Page
Request Policies are available by clicking on the Request Manager tab and selecting Request Policies. Your Request Policies will appear in a settings page and are available to review.
On this page, there are three columns that will give a high level overview of the policy and it’s contents:
- Policy
- Name/Legislation
- Status
- Shows if the Policy is Active or Inactive and the initial creation date of the Policy
- Privacy Rights
- The rights associated with that Policy
By default, DataGrail sets four default policies for all customers:
- California Privacy Rights Act (CPRA)
- US Standard Policy
- General Data Protection Regulation (GDPR)
- Global Privacy Rights (GPR)
To add additional Policies, ask your customer success manager or reach out to support@datagrail.io
Policy Details
To view all details of the Policy, the you can click on the policy name. Within the Policy specific page, there are two sections; Policy Settings and About this Policy.
Policy Settings
This section will cover the following information:
- Policy Status
- Showing if the policy is Active or Inactive and the date it was last Active on
- Internal Name
- Showing the unique name provided by the User at setup (typically this is just the Policy name)
- External Name
- Showing the Policy name that the requester will see
- Authorized Agent
- This allows others to submit a request on the data subject's behalf. They may or may not need documentation proving that they're allowed to represent the data subject.
- Verification Method
- Specified method for verifying a data subject's request before fulfilling it
- Options include Email and Smart Verification
- Specified method for verifying a data subject's request before fulfilling it
- Default Privacy Policy
- The default privacy policy will apply to data subjects who don't meet the criteria of the privacy policies offered
About this Policy
This section will cover the following information:
- Request Duration
- Amount of time to fulfill the privacy request
- Extension Period
- Amount of time to extend the deadline of fulfilling a privacy request
- Privacy Rights
- The request types provided for the specific policy
- Locations
- The locations covered by the specific privacy policy
- Note : If a policy is globally applied, "Locations" will state "No locations have been set for this policy". Otherwise, "Locations" will be specific to the applicable countries / states.
- The locations covered by the specific privacy policy
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.