Being listed as a processor on a direct contact integration means you’ll play an important part in taking action on access and deletion requests your company receives. Below, we’ll walk you through the steps of taking action on a privacy request as the Processor for a Direct Contact integration.
Note: The processes and forms for Access and Deletion requests are very similar, make sure to read the email and form carefully to ensure you are taking the right action.
Direct Contact Processor Steps
- You will receive an email with a link asking for your assistance to take action on a request along with the due date for responding (14 days by default)
- After clicking the link, you’ll be taken to a form with a small blurb on what action the requester is asking you to take (upload any records or delete any records), the data subject’s information, and a response section. The example below is from an access request asking the processor to upload any relevant personal data or report back that the system does not hold any of the data subject's personal data.
- After looking through your system and uploading any valid records following the allowed format and size limits, you are required to enter your email and check a box ensuring everything is true and correct. You can also add a note that will get passed along to the user in DataGrail to provide them any additional information you think they need to know.
- Note: For deletion requests, you will simply mark whether you deleted the data subject information or that the data subject has no records in the system.
Disclaimer: The information contained in this message does not constitute as legal advice. We would advise seeking professional counsel before acting on or interpreting any material.