The CCPA gives data subjects the Right to Opt-Out of the Sale of their Personal Information to third parties. DataGrail customers have the ability to handle Do Not Sell requests through an intake form, verify those requests, and maintain a record log for compliance.
Here’s how it works
Compliance Teams can host a DataGrail-powered Do Not Sell form at their privacy domain. This is separate from the privacy intake form.
Note: The text and fields in this form are customizable.
Form CAPTCHA: An additional measure to prevent against spam and fraud in the privacy request process.
Once a data subject makes a request, they will be asked to confirm their email address. This is not explicitly required under CCPA, but it is a safeguard against spam and requests illegitimately made on behalf of others.
Viewing Do Not Sell Requests
Once the request is submitted, the request details will be logged to DataGrail. Compliance team members can go to Requests > Do Not Sell to see the current list of opt-outs. Standard columns:
Name - name captured in the intake form
Email - email address captured in the intake form
Date - date that the request was created
Verification - whether the requester has verified their email address
Status - compliance team can mark a request as complete or incomplete at any time
Additional - if customer requests additional fields during intake process, these will be grouped in the additional column in the app (each additional field will appear as its own column in the export
Sort and Filter on verification and completion status
Compliance teams can sort the list of do not sell requests by column. Compliance teams can also filter by verification and completion status to see which requests need to be addressed.
Marking Requests as Complete
Compliance teams may honor this opt-out request in a number of ways outside of DataGrail. How a business opts a user out depends on that business' definition of a “sale” and where that information is saved. Regardless of how the opt-out is processed, DataGrail provides the ability to record the completion status of the request within the app so that there’s a compliance record for each request.
Compliance teams can select one or more requests and click Mark complete / Incomplete to update the status of the requests.
Compliance Teams can mark a request as complete at any time – verification status will not block the completion of the request.
Compliance Teams can download a copy of all requests at any time by clicking the Download button. DataGrail will download a .tsv file directly to the browser upon request.
To learn more about setting up GTM for Do Not Sell, check out the article here.
Please reach out to firstname.lastname@example.org with any questions!
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.