There are scenarios where a data subject will require a request to be submitted on their behalf. Generally, this requires a form to be signed by an authorized agent and data subject, processed, and then reviewed and stored. Within DataGrail, Smart Verification and the Authorized Agent Workflow enable authorized agents to submit privacy requests, and data subjects to provide approval for the authorized agent. For reporting, the approval from the data subject is tracked through the authorized agent request workflow available as part of the Request Wizard.
Authorized Agent Workflow
When an authorized agent submits a request via your Privacy Request Form on behalf of a data subject, two separate verification emails are sent via a customers’ transactional mailer: one to the authorized agent who submitted the form and another to the data subject who the authorized agent entered into the form. You can view these emails within the DataGrail admin console by opening the request and scrolling down to the “Emails sent by DataGrail” section.
Below we’ll walk through the verification and approval flow for the authorized agent and data subject.
Authorized Agent Verification
After an authorized agent submits a request through your Privacy Request Form, they will receive a verification email sent via a customers’ transactional mailer requesting them to verify their email address and identity. Below you can see an example of what the authorized agent sees while verifying their email address and identity.
Note: The file upload is limited to a combined size of 10mb and each file must be in one of the following formats: .pdf, .doc, .docx, .png, .jpg, .jpeg, .txt or .rtf. Click here to learn more about allowed file uploads.
Once documentation is submitted, and assuming the data subject has completed their authorization flow, these will be available for you to review in the DataGrail admin console, within the Request Wizard.
Data Subject Verification
The data subject’s verification flow is simple and ensures that no request is processed without the data subject authorizing the agent to submit a request on their behalf. After a request is submitted by the authorized agent, the data subject will receive a verification email. Below is an example of the email a data subject will receive once an authorized agent submits a request on their behalf.
If the data subject does not authorize the request to be processed, it will be closed. If they authorize the agent, a form will appear where the data subject can select and answer the questions selected as part of the Smart Verification check. An example would be, ‘what is the last item you bought from one of our stores?’ The Smart Verification feature connects to a specified System of Record (SOR) for a DataGrail customer and pulls data that can be used to verify the answers of data subject requesters.
Note: For email verification, a data subject is sent reminder emails one, seven, and ten days after they submit a request and the link in each will expire seven days after the email is sent.
Once answered, they will click submit and assuming the authorized agent has completed their verification step, the request will move to a Pending Wizard state where you can review their answers and the authorized agent's documents.
Processing Requests with an Authorized Agent
When the request is in Pending Wizard, you can review both the answers from the data subject and documentation from the authorized agent before approving the request. If you reject the request, you will have a chance to update the email that is sent out to the data subject about why the request was rejected. If you accept the information they submitted, the request will be processed through the standard request lifecycle.
With Smart Verification and the Authorized Agent workflow, you will be able to confidently process privacy requests knowing each request has a verified authorized agent, approval from the data subject, and a review by a member of your team.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.