Workflows: Quickstart Guide

Workflows are the engine for automating your privacy program. They allow you to build, manage, and execute the precise steps needed to handle Data Subject Rights (DSR) requests in a compliant, scalable, and transparent way. This guide explains what makes this system special and provides a step-by-step walkthrough for creating your first workflow.

The core of the system is built on a simple but powerful idea: workflows are designed to be clear, single-purpose, and easy to manage, which reduces errors and makes it easy to adapt to new regulations.

  • Workflows are unique to a combination of:
    • Data Action: The specific right being exercised (e.g., Access, Erasure).
    • Data Subject Type: The category of person making the request (e.g., Customer, Employee).
  • Single-purpose, targeted workflows are strongly preferred over attempting to build one large, complex workflow with many internal rules.
  • Duplicating and editing existing workflows is the fastest and most reliable way to support new regions or subject types.
  • A streamlined, 5-step wizard to guide you through DSR configuration.
  • A simple Identifiers page that alerts you when certain identifiers are missing for a given data system and provides a simple way to fix the issues without leaving the configuration screen.
  • The ability to duplicate workflows and manage them independently — providing flexibility to build and maintain workflows in a distributed team setting, to help you scale your compliance effortlessly.

Term

Definition

Workflow

An automated process for fulfilling a single data action for a specific subject type.

Data Action

The type of compliance request, such as "Access My Data" or "Delete My Data." Supported actions include: Access, Erasure, Rectification, Restriction, Opt Out of Sale, Opt Out of Tracking, Communication Opt-In/Out, and more.

Data Subject Type

The classification of the individual, like Customer, Employee, or Authorized Agent.

Preflight Check

An automated verification step that runs before a request is fulfilled, such as identity verification.

Enrichment

The process of gathering additional identifiers for a data subject to ensure systems can find their data accurately.

Integration

A connected data system, application, or database where subject data is stored (e.g., Salesforce, Stripe, AWS S3).

Datapoint

A specific data object or resource within an integration (e.g., a customer profile, a support ticket, or a payment record).

  • Admin access to the Transcend platform.
  • The Workflows UI must be enabled for your account.
  • You have a list of systems where you'd like to process workflow requests (Integrations).
  • You have a clear understanding of your organization's compliance obligations for each subject type you support.

Navigate to Privacy Requests > Workflows in your Admin Dashboard.

If no workflows exist yet, you will see a banner noting that DSRs submitted through the Privacy Center will default to legacy DSR Automation behavior until at least one workflow is published and visible.

Click the "New Workflow" button in the top right.

In the Create Workflow modal, fill in:

  1. Workflow title — This is what your workflow will be called in the Admin Dashboard and in the Privacy Center where users will make requests (e.g., "EU Customer Erasure").
  2. Internal name (optional) — Only shown in the Admin Dashboard to help you tell workflows apart. Does not change the name shown to users.
  3. Data action — Select the type of request this workflow will handle. Available actions include: Access, Erasure, Rectification, Restriction, Opt Out of Sale, Opt Out of Tracking, Opt In/Out of Automated Decision-Making, Communication Opt-In/Out, Sensitive Information Opt-In/Out, Custom Opt-In/Out, Place on Legal Hold, Remove from Legal Hold, Business Purpose, and more.

Click Create to proceed to the 5-step configuration wizard.

You are now in the Workflow Details step (Step 1 of 5 in the wizard).

Fill in the Privacy Center Workflow Descriptors:

  1. Workflow title — Pre-filled from the previous step. This appears in the Admin Dashboard and Privacy Center.
  2. Internal name (optional) — Admin-only label to distinguish workflows.
  3. Subtitle (required) — Appears within the Data Action button of the Privacy Center where users make their requests.
  4. Description (required) — Gives additional information related to the Data Action after authentication is completed.

Configure Request Settings:

  1. Data subjects — Select the data subject type(s) this workflow applies to (e.g., Customer, Former Employee). If you don't see the type you need, you can create a new one.
  2. Show in Privacy Center — Toggle on to make this workflow visible in your Privacy Center so users can submit requests. Workflows hidden from the Privacy Center can still receive requests via API.
  3. Collect data subjects' regions — Choose between:
    • "Do not collect region" — Use this if you apply the same workflow to all regions globally.
    • "Collect in form" — Requesters self-identify their region when submitting a request.
  4. Expiry Time — Set the maximum number of calendar days that a request must be fulfilled (default: 30).
  5. Advanced Settings — Optionally configure custom field selection to allow customers to select custom fields when processing these requests.

Click Save and continue.

You are now on the Integrations step (Step 2 of 5 in the wizard).

This step shows all data systems (integrations) that support the data action selected for this workflow.

  • The Selected tab shows integrations already included in this workflow (added automatically if they support the data action).
  • The Not Selected tab shows available integrations you can add.

To manage integrations:

  1. Review the integrations automatically added. By default, all integrations that support the given data action are selected and enabled.
  2. If you'd like to connect a new integration, click "Connect new integration" and follow the setup steps.
  3. Use the "Refresh list" button if an integration is not appearing.
  4. Deselect or remove any integrations that are not needed for this workflow.

Click Continue to Identifiers.

You are now on the Identifiers step (Step 3 of 5 in the wizard).

This step has two sections:

User Input Identifiers Select which identifiers the data subject must provide when submitting a DSR (e.g., email, phone). These are used to locate the user's data and may be sent directly to integrations or routed through enrichers.

Workflow Identifiers A table of all identifiers needed across your connected systems, showing:

  • Active toggle — Enable or disable each identifier for this workflow.
  • Identifier Needed — The identifier type required by one or more integrations (e.g., email, phone, coreldentifier).
  • Identifier Source — Shows how the identifier will be resolved. If no enricher is configured, you will see a warning with links to "Add an enricher" or "add a user input identifier."

Workflow Enrichers A table of all enrichers connected to this workflow. Enrichers resolve identifiers automatically before a request is processed.

  • Click "Add enricher to workflow" to connect an enricher that can resolve a missing identifier.
  • You can add both identity enrichers (to look up additional identifiers) and verification enrichers (to verify the identity of the requester before processing).
  • Preflight checks such as Government ID verification, phone number verification, and email verification can also be configured here.

Fix any flagged identifier issues before proceeding to ensure complete identity resolution and request fulfillment coverage.

Click Continue to Datapoint Actions.

You are now on the Datapoint Actions step (Step 4 of 5 in the wizard).

This step shows all datapoints affected by this workflow across your connected integrations. For each datapoint you can see:

  • Datapoint — The name of the specific data object (e.g., "Custom Datapoint", "Global Profile").
  • Description — A description of what data is stored in this datapoint.
  • Data System — The integration that owns this datapoint.
  • Owners — Assign an owner (by name or email) responsible for this datapoint.
  • Teams — Assign a team responsible for handling this datapoint.

Click on any datapoint row to configure the specific action that should be taken for that datapoint in this workflow (e.g., delete, anonymize, export, redact).

Click Continue to Summary.

You are now on the Summary step (Step 5 of 5 in the wizard).

Review all your configuration in one place:

  • Workflow Details — Title, data action, data subjects, user-provided identifiers, Privacy Center visibility.
  • Integrations — All connected data systems included in this workflow.
  • Preflight Checks — Any configured preflight verification steps.
  • Identifiers — The full list of identifiers and which systems they map to.

Each section has a pencil icon to jump back and edit that specific step.

To test before publishing:

Click "Run Test Request" to submit a test request using sample data. This simulates a real request and helps verify that the workflow is correctly configured.

Note: To use "Review & Publish," the "Show in Privacy Center" toggle must be enabled in Workflow Details, or you can publish the workflow as hidden.

Once satisfied, click "Review & Publish" to publish the workflow. Published workflows are live and will be used to process real requests.

From the Privacy Requests > Workflows list, each workflow row shows:

  • Title — The workflow name.
  • Action — The data action type.
  • Data Subjects — The subject types covered.
  • Regions — The region collection setting.

Hover over any row to reveal the ⋮ menu, which provides:

  • View Requests — See all DSR requests that have been routed through this workflow.
  • Duplicate — Clone this workflow to create a variation (e.g., clone "EU Customer Erasure" to create "California Customer Erasure" and update the region setting).
  • Delete — Permanently remove the workflow.
Important: If no workflows are currently visible in the Privacy Center, DSRs submitted through the Privacy Center will default to the legacy DSR Automation behavior.
  • Design for simplicity: Create one workflow for each unique combination of action and subject type.
  • Duplicating workflows is your friend: Use the Duplicate option to rapidly expand your compliance coverage to new subject types. Avoid building from scratch every time.
  • Rely on built-in logic: Trust the automatic subject-based exposure in the Privacy Center. Do not try to create workarounds with complex internal logic.

The system is designed to prevent silent failures. Any enrichment steps that are skipped or cannot be run will be flagged as an issue in the Identifiers step for you to resolve before publishing.

If a workflow isn't working as expected, check:

  1. Its Privacy Center visibility setting (Show in Privacy Center toggle).
  2. Any unresolved identifier issues flagged in the Identifiers step.
  3. That the correct Data Subject type is assigned.

Q: Can I create one workflow that handles multiple regions using conditional logic? A: No. Each workflow is scoped to a single data action and subject type. The region is handled via the "Collect in form" setting where requesters self-identify. To support different behavior per region, duplicate an existing workflow and adjust the settings.

Q: How do I control which workflows my users see in the Privacy Center? A: This is controlled by the "Show in Privacy Center" toggle in the Workflow Details step. Only workflows with this toggle enabled will be visible to users.

Q: Can I edit a live (published) workflow? A: Yes. Changes are saved as a draft and do not affect active requests until you explicitly publish the new version.

Q: How do I support a new subject type? A: Use the Duplicate option on an existing workflow. In the new workflow, update the Data Subject type and any other settings that differ.

  • Build simple, single-purpose workflows and duplicate them to create variations for different subject types.
  • Use the built-in identifier and enricher tooling at every step to ensure complete coverage.
  • Test your workflows before publishing to confirm they process requests correctly.
  • Adapt quickly and safely — workflow changes are saved as drafts and don't impact live requests until you publish them.

For more detailed information or personalized assistance, contact your Transcend Customer Success representative.