Request Policies and Associated Rights


When a data subject submits a request to a DataGrail customer via the privacy request form, they can select a specific right they would like to enact. These rights include Access/Download, Deletion, and others.

 

Request Policies

The rights a data subject can select from are determined by the request policy that applies to them. When a data subject visits a DataGrail privacy request form, a request policy is initially applied based on the data subject’s location. This location is determined by their internet protocol (IP) address, which is assigned to a device while it accesses the internet so it can connect to websites and applications. The data subject can modify this location by selecting a different state/country on the form. Selecting a state/country that falls under a different request policy will change the associated rights available to the data subject.

 

On the privacy request form, there are three standard request policies for data subjects:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • Global Default Policy

Users processing requests can also review and modify the request policy and privacy right for data subject requests in steps 1 and 2 of the Request Wizard.


Each request policy has associated rights. Some are the same across regions and others are unique. The sections below walk through each request policy that is included by default in DataGrail and the rights associated with each.

 

GDPR Policy

This is a policy that is applied when the data subject requester’s IP address is inside of the European Union or when the data subject selects a country that indicates they reside in the European Union.

Note: The UK is no longer included under GDPR.

 

Rights Available

Access (Download): Gives individuals the ability to access their personal data.

Deletion: Gives individuals the ability to request erasure of their personal data.

Rectification: Gives individuals the right to have inaccurate personal data rectified, or completed if it is incomplete.

Transfer of Information/Data Portability: Allows individuals to obtain a transferable and machine-readable copy of their personal data in order to reuse it for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. Doing this enables individuals to take advantage of applications and services that can use this data to find them a better deal or help them understand their spending habits. The right only applies to information an individual has provided to a controller.

Object to Processing: Allows individuals to request to stop the processing of their data for certain purposes (e.g. public interest, legitimate interests, direct marketing).


 

CCPA Policy

This is a policy that is applied when the data subject requester’s IP address is inside of California or when the data subject updates their state/country to indicate they reside in California.

 

Rights Available

Access (Download): Gives individuals the ability to access their personal data.

Access Categories: Gives individuals the ability to know which categories of personal data are collected, stored and processed.

Deletion: Gives individuals the ability to request erasure of their personal data.


 

Default Policy

This is a ‘catchall’ policy that is applied when the data subject requester’s IP address is outside of locations that currently have specified policies (e.g. California, EU, Canada, etc.).


Rights Available

Access (Download): Gives individuals the ability to access their personal data.

Deletion: Gives individuals the ability to request erasure of their personal data.

 

This can also be used as a placeholder policy that allows DataGrail Customers to facilitate support for requests incoming from regions where a request policy does not exist or is not on by default. 

 

The request policies above are enabled out of the box for each DataGrail customer and can be modified based on a specific workflow. Please contact us at support@datagrail.io if you would like adjustments to the policies and associated rights mentioned in this article.

 

Disclaimer: The information contained in this message does not constitute legal advice. We would advise seeking professional counsel before acting on or interpreting any material.
