Initiating Privacy Requests with DataGrail

Have more questions? Submit a request

Processing privacy requests is a very manual process that can be prone to human error and increase compliance risk. DataGrail's Privacy Intake process helps customers reduce hours spent managing DSARs through automation.



Many locations, including California and the EU, allow individuals to request what information a company maintains about them and request that those records be deleted.

DataGrail customers have the ability to handle privacy requests through multiple methods [including intake form, email forward, and toll-free #], verifying the identity of the requester, and maintaining an activity log for compliance. 


How it Works

Intake Form [optimal method]

DataGrail Customers can host a DataGrail-powered Privacy Request Form on their privacy domain. This is separate from the Do Not Sell Form. Based on the IP address of the user accessing the form, those specific policy requirements will automatically update and be shown on the form (learn more about this in the article "Verifying Data Subject Location").


Additionally, hCAPTCHA is included on forms as an additional measure to prevent against spam and fraud in the privacy request process. 

Additional Offerings:

  • Authorized Agents Workflow: CCPA regulations (§ 999.326) stipulate companies must provide a way for authorized agents to make requests on behalf of data subjects. For this to be available on the form, a customer must have Smart Verification enabled.

Note: The text and fields in this form are configurable. Learn more about the standard configuration options here


Email Verification

Once a data subject submits a privacy request, they will be asked to confirm their email address. This is a safeguard against spam and requests illegitimately made on behalf of others.


Note: This and all other email templates sent to the data subject are customizable. Learn more about the email templates available to your team here


Viewing Privacy Requests

Once the request is submitted, the request details will be logged to DataGrail. Admin users can go to Request Manager > Requests to see the current list of all privacy requests.

Input columns:

  • Email - email address captured in the Privacy Intake Form

  • Type - privacy request type (can be access, access category, deletion, rectification, pause processing)

  • Status - request status can fall into one of four main categories:

    • Active - request is in progress and is in one of the following states: Pending Action, Wizard, Pending Recruiting, Extracting Personal Data

    • Unverified - request is pending the data subject's email verification

    • Processed - request is ‘Pending Delete’ or in a ‘Notifying Requestor’ state

    • Closed - request has been closed with one of the following reasons: Nonresponsive, Spam, Requester Downloaded, Requester Didn’t Download, Responded to Requestor, Deletion Completed

  • Assignee - who the privacy request has been assigned to

  • Deadline - the number of days from request submission until the request is due



From here, Admin users can click into each request and begin processing!


Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.

Articles in this section

Was this article helpful?
0 out of 0 found this helpful