Privacy Request Policies

Have more questions? Submit a request

You can see your Privacy Policies within your DataGrail environment. This article will walk you through how to locate them and the information they contain.


DataGrail User Roles

Only the following User Roles will have access to Request Policies:

  • Super Admin

  • Request Admin
  • Request Agent

NOTE : Combining any user roles that do not have access to this UI with any of the above user roles that do have access to this functionality will grant a user access to these updates. e.g. If a user had a Live Data Map Admin Role, adding a Super Admin Role to their user record would then allow them access to Request Policies.



Request Policies are available by clicking on the Request Manager tab and selecting Request Policies.



From here, Request Policies will appear in a settings page and are available to review only.


On this page, there are three columns that will give a high level overview of the policy and it’s contents:

  • Policy
    • Name
  • Status 
    • Shows if the policy is Active or Inactive and the initial creation date
      of the Policy
  • Privacy Rights associated with that Policy

Out of the box, DataGrail sets four default policies for all customers:

    • California Privacy Rights Act (CPRA)
    • US Standard Policy
    • General Data Protection Regulation (GDPR)
    • Global Privacy Rights (GPR)

To add additional policies, please reach out to


To view all details of the Policy, the User will click on the policy name. Within the Policy specific page, there are two sections; Policy Settings and About this Policy.

Policy Settings


This section will cover the following information:

  • Policy Status
    • Showing if the policy is Active or Inactive and the date it was last Active on
  • Internal Name
    • Showing the unique name provided by the User at setup (typically this is just the Policy name)
  • External Name
    • Showing the Policy name that the requester will see
  • Authorized Agent
    • This allows others to submit a request on the data subject's behalf. They may or may not need documentation proving that they're allowed to represent the data subject
  • Verification Method
    • Specified method for verifying a data subject's request before fulfilling it
      • Options include Email and Smart Verification
  • Default Privacy Policy
    • The default privacy policy will apply to data subjects who don't meet the criteria of the privacy policies offered

About this Policy


This section will cover the following information:

  • Request Duration
    • Amount of time to fulfill the privacy request
  • Extension Period
    • Amount of time to extend the deadline of fulfilling a privacy request
  • Privacy Rights
    • The request types provided for the specific policy (you can learn more about these here!)
  • Locations
    • The locations covered by the specific privacy policy
      • Note : If a policy is globally applied, "Locations" will state "No locations have been set for this policy". Otherwise, "Locations" will be specific to the applicable countries / states.


If you have any questions about this feature, please reach out to your dedicated CSM or


The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful