Authorized Agent Requests
Under some privacy laws data subjects are allowed to authorize other individuals or organizations to submit data subject requests on their behalf. You can learn more about authorized agent requests in our blog post on the subject.
Some authorized agent services scrape a user's email inbox, compile a list based on the communications found there, and then send templated emails to each organization to perform a DSR. This can result in a large number of requests being submitted outside your normal Privacy Center workflow. This doc outlines two ways you can choose to handle these requests.
Directing the requester to use your self-serve Transcend Privacy Center to authenticate and submit their request ensures you properly authenticate the requestor and receive all the information needed to fully process the request.
You can have multiple Data Subject types in your Privacy Center, each with their own Authentication Method. (See: End-User Identity Verification.)
For example, you can customize authentication methods for Authorized Agents to require Email Verification rather than an account login. This way authorized agents can input the email address and additional information they have on the data subject when submitting the request.
The user for whom the request was submitted will receive an email where they’ll be required to click a link and confirm the request before it can be completed.
Once the email is verified, Transcend will programmatically map the verified email to a User ID or other user identifiers that may be associated with that email address and move forward with fulfilling the request across connected systems. If you wish, you can also add a manual review step to approve all requests of this type before they begin processing.
If you prefer, you can instead enter the information from the authorized agent directly into the Transcend Admin Dashboard and initiate a request by following the steps for manual request submission.
When following the manual submission steps linked above, we highly reccomend you turn on the option to send an email verification link to the data subject to help verify their identity before the request is processed.