When a requestor requests to access the personal information that your company maintains on them, they will submit an Access (right to know) request. If they are only interested in knowing the types of data categories you store, they will submit an Access Categories request. These requests follow very similar paths within the DataGrail platform, with a couple small differences that are called out below.
*Light blue boxes indicate where you or a teammate will take action on a request.
The following is a walkthrough of a standard Access Request Lifecycle:
- A data subject will submit an access request using the Privacy Request intake form you have created with DataGrail.
- DataGrail will send the requestor a verification email to ensure they own the email they are requesting information for.
- Once confirmed, the request will show up in DataGrail with the status of Active: Wizard. To move the request to the next stage, you can click on this request. The Request Wizard will pop open and you will be able to verify and update the information for the request.
- The final step in the Request Wizard is to click submit which will move this request to Pending DataGrail.
- This starts the access request process. DataGrail will connect to all integrated systems (API, Direct Contact) and query for any data the requestor has in those systems by utilizing the requestor’s email address as an identifier. For Direct Contact integrations, DataGrail will send an automated email to the processor requesting they respond back with all of the requestor’s data they have in their system. This retrieval can take more time based on the capabilities of the integrations you have connected. Learn more about integration response times here.
- For Access Categories requests, the response will only contain the categories of data that were found, not the data itself.
- The data retrieved from these systems will be stored in the your connected storage bucket.
- From here, the request will move into a Pending Action state. This is where you or a member of your team can review the information retrieved and select what will be sent to the requestor.
- Note: Only User Admin users are able to review and process requests in Pending Action
- After you review and press Process Request, DataGrail will send an email to the requestor with a link to download their data or, if no data was found, an email notifying them that no data was found in for them, in your systems.
- For Access Categories requests, the email will contain a list of the categories of data found for the requestor