There are scenarios where a data subject will require a request to be submitted on their behalf. Generally, this requires a form to be signed by an authorized agent, verified by the data subject, processed, and then reviewed and stored. Within DataGrail, the Authorized Agent Workflow enables authorized agents to submit privacy requests on behalf of data subjects. For reporting, the approval from the data subject is tracked through the authorized agent request workflow available as part of the Request Wizard.
Authorized Agent Workflow
When an authorized agent submits a request via your Privacy Request Form on behalf of a data subject, two separate verification emails are sent via a customers’ transactional mailer: one to the authorized agent who submitted the form and another to the data subject who the authorized agent entered into the form. You can view these emails within the DataGrail admin console by opening the request and scrolling down to the “Emails sent by DataGrail” section.
Below we’ll walk through the verification and approval flow for the authorized agent and data subject.
DataGrail User Roles
Only the following will have access to the Email Notification Settings tool :
- Super Admin
- Request Agent
- Request Admin
- Request Approver
NOTE : Combining any user roles that do not have access to this UI with any of the above user roles that do have access to this functionality will grant a user access to these updates. I.e. If a user had a Connections Manager Role, adding a Super Admin role to their user record in DGAdmin would then allow them access to the new Risk Monitor.
Configuring Authorized Agents
Approved Users (noted above) are able to control this feature within their DG account by doing the following;
Logging into DataGrail and opening up the navigation bar on the left-side of the screen. From here, click on Request Policies, under Request Manager
Next, click on the Request Policy you’d like to add Authorized Agent on (using CPRA as an example below) and in the middle of the screen, you’ll see a section for Authorized Agent. From here, you can toggle the feature On or Off (the default is set to “Off”)
(Example “Off”)
(Example “On”)
Changes will be saved automatically. Once toggled on, Authorized Agent will only affect requests submitted after the toggle was turned on.
Authorized Agent Verification
After an authorized agent submits a request through your Privacy Request Form, they will receive a verification email sent via a customers’ transactional mailer requesting them to verify their email address and identity. Below you can see an example of what the authorized agent sees while verifying their email address and identity.
Note: The file upload is limited to a combined size of 10mb and each file must be in one of the following formats: .pdf, .doc, .docx, .png, .jpg, .jpeg, .txt or .rtf. Click here to learn more about allowed file uploads.
Once documentation is submitted, and assuming the data subject has completed their verification, these will be available for you to review in the DataGrail admin console, within the Request Wizard.
Data Subject Verification
The data subject’s verification flow is simple and ensures that no request is processed without the data subject authorizing the agent to submit a request on their behalf. After a request is submitted by the authorized agent, the data subject will receive a verification email. Below is an example of the email a data subject will receive once an authorized agent submits a request on their behalf.
If the data subject does not authorize the request to be processed, it will be closed. If the subject verifies it the ticket will be moved to processing.
If Smart Verification is turned on then the user will need to move through the Smart Verification process.
Note: For email verification, a data subject is sent reminder emails one, seven, and ten days after they submit a request and the link in each will expire seven days after the email is sent.
Processing Requests with an Authorized Agent
When the request is in Pending Wizard, you can review both the answers from the data subject and documentation from the authorized agent before approving the request. If you reject the request, you will have a chance to update the email that is sent out to the data subject about why the request was rejected. If you accept the information they submitted, the request will be processed through the standard request lifecycle.
With Smart Verification and the Authorized Agent workflow, you will be able to confidently process privacy requests knowing each request has a verified authorized agent, approval from the data subject, and a review by a member of your team.
If you have any questions about this feature, please reach out to your dedicated CSM or support@datagrail.io.
The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.