Workflows: Quickstart Guide
Workflows are the engine for automating your privacy program. They allow you to build, manage, and execute the precise steps needed to handle Data Subject Rights (DSR) requests in a compliant, scalable, and transparent way. This guide explains what makes this system special and provides a step-by-step walkthrough for creating your first workflow.
The core of the system is built on a simple but powerful idea: workflows are designed to be clear, single-purpose, and easy to manage, which reduces errors and makes it easy to adapt to new regulations.
- Workflows are unique to a combination of:
- Data Action: The specific right being exercised (e.g., Access, Erasure).
- Data Subject Type: The category of person making the request (e.g., Customer, Employee).
- Region: The jurisdiction governing the request (e.g., European Union, California).
- Single-purpose, targeted workflows are strongly preferred over attempting to build one large, complex workflow with many internal rules.
- Duplicating and editing existing workflows is the fastest and most reliable way to support new regions or subject types.
- A streamlined, step-by-step wizard to guide you through DSR configuration.
- A "datapoint actions" view that provides a clear, simple way to configure how each datapoint should be handled for the given workflow, across integrations.
- Simple identity resolution page alerts you when certain identifiers are missing for a given data system and provides a simple way to fix the issues without leaving the configuration screen.
- The ability to duplicate workflows and manage them independently - providing flexibility to build and maintain workflows in a distributed team setting, to help you scale your compliance effortlessly.
| Term | Definition |
|---|---|
| Workflow | An automated process for fulfilling a single data action for a specific subject type and region. |
| Data Action | The type of compliance request, such as “Access My Data” or “Delete My Data.” |
| Data Subject Type | The classification of the individual, like Customer, Employee, or Authorized Agent. |
| Region | The legal jurisdiction, such as a country (UK), a region (EU), or a US state (California). |
| Preflight Check | An automated verification step that runs before a request is fulfilled, such as identity verification. |
| Enrichment | The process of gathering additional identifiers for a data subject to ensure systems can find their data accurately. |
| Integration | A connected data system, application, or database where subject data is stored (e.g., Salesforce, Stripe, AWS S3). |
| Datapoint | A specific data object or resource within an integration (e.g., a customer profile, a support ticket, or a payment record). |
| Grouped Datapoint Actions | A bulk summary view that shows all data operations (e.g., delete, anonymize, retrieve) grouped by integration, making it easy to review. |
| duplicating Workflows | The action of creating a new workflow by duplicating an existing one. This is the recommended way to create variations for new regions or subject types. |
| Fix issue | A built-in user interface tool that flags configuration problems, such as failed enrichment steps or unassigned datapoints, and provides guidance to fix them. |
| Region/Subject Exposure | The principle that workflows are only displayed in the Privacy Center to requesters who match the workflow’s assigned region and subject type. |
- Admin access to the Transcend platform.
- The Workflows V2 UI must be enabled for your account.
- You have a list of systems where you'd like to process workflow requests (Integrations).
- You have a clear understanding of your organization's compliance obligations for each region and subject type you support.
-
Navigate to Privacy Requests > Workflows in your Admin Dashboard.
-
Click the "Create New Workflow" button.
-
Choose the Data Action this workflow will handle (e.g., Erasure, Access, Sale Opt-Out).
-
Give your workflow a descriptive Name for easy identification (e.g., "EU Customer Erasure").
Important:
Each workflow is tied to one or more regions and one data subject type for a single data action. To support a new region, clone an existing workflow and adjust its settings.
-
Provide a Subtitle and Description of the workflow that will appear on the Privacy Center to describe the given workflow.
-
Choose the data subject type that this workflow applies to (e.g., Customer, Former Employee).
-
Select all target regions from the searchable list of countries and subregions.
- US states and other subregions are fully supported.
-
Click Save and continue to continue.
-
Review the integrations (e.g., Salesforce, Zendesk, internal databases) that are automatically added to this workflow. By default, all integrations that support the given data subject and data action are selected and enabled for the workflow.
-
If you'd like to connect new integrations, click on "connect new integration" and follow the requirements there.
-
Remove any integrations that are not needed for this workflow.
Some integrations require specific identifiers in order to process requests. Some examples include internal datastore User_IDs, their identifiers in CMS services, etc. In order to fully process requests, we need to retrieve those identifiers before processing the request.
The fix issue button will automatically appear to flag any problems with your preflight or enrichment setup. This will help you ensure complete identity resolution and request fulfilment coverage.
Clicking on the "fix issue" buttons and adding the appropriate enrichers will build a way to resolve to the missing identifier and ensure you'll be able to fully process these requests.
In addition to building identity enrichers, you can also add verification enrichers that run a identity verification process to verify missing identifiers.
-
Define any preflight checks that are required for the workflow to verify the identifiers of the user. These preflight checks could include Government Id checks, phone number verification, email verification, and more.
-
If you need to add a new enricher or preflight check, use the Add Enricher button:
- Use the datapoint actions view to configure how each datapoint should be handled (e.g., delete, anonymize, export, redact) for the workflow, across all integrations.
- The grouped summary view makes it easy to review and confirm all actions in one place.
-
Review your draft workflow in the UI. Drafts are clearly marked and are separate from live, published workflows.
-
Submit a test request using sample data to simulate a real request. This test helps ensure that the test data is properly deleted from the integrations of that workflow.
-
Review your Summary configuration to ensure it properly covers your desired workflow use-case.
-
Once all tests are successful and no issues are flagged, click "Publish Workflow".
-
If you enabled the option to display the workflow in your Privacy Center, it will appear on your Privacy Center only to requesters whose subject type, data action and region match the workflow's settings.
-
To support a new subject type or different region, use the “Duplicate” option.
- Example:
- Clone the "EU Customer Erasure" workflow to create a "California Customer Erasure" workflow.
- In the new workflow, simply update the region and make any other minor adjustments.
- Example:
-
You can safely edit a live workflow. Your changes are saved as a draft and will not affect active requests until you explicitly publish the new version.
- Remember, workflows are only shown in the Privacy Center if both the requester’s detected region and selected subject type match.
- The auto-detect region feature is on by default and is recommended to ensure the right workflows are shown to the right people.
- You can test which workflows will appear by simulating requests from different regions and for different subject types.
- If a workflow isn't appearing when you expect it to, double-check its region and subject assignments in the workflow editor.
- Design for simplicity: Create one workflow for each unique combination of action, subject, and region.
- Duplicating Workflows is your friend: Use the duplication option to rapidly expand your compliance coverage to new geographies and subject types. Avoid building from scratch every time.
- Rely on built-in logic: Trust the automatic region- and subject-based exposure in the Privacy Center. Do not try to create workarounds with complex internal logic.
- The system is designed to prevent silent failures. Any enrichment steps that are skipped or cannot be run will be flagged as an issue for you to resolve.
- If a workflow does not appear in your Privacy Center, the first things to check are:
- Its assigned Region and Subject Type.
- Its Privacy Center exposure settings.
- Any unresolved configuration issues flagged in the panel.
Q: Can I create one workflow that handles multiple regions using conditional logic?
A: No. Each workflow is scoped to a unique combination of action, region, and subject type. To support more regions, you should clone an existing workflow and adjust the new one's settings.
Q: How do I control which workflows my users see in the Privacy Center?
A: This is handled automatically. Only workflows that match the requester’s detected region and chosen subject type will be displayed.
- Build simple, single-purpose workflows and duplicate them to create variations for different regions and subject types.
- Use the built-in error-proofing and debugging tools at every step of the configuration process.
- Test your workflows to ensure they are routed correctly and appear as expected in the Privacy Center.
- Adapt quickly and safely—workflow changes are saved as drafts and don't impact live requests until you publish them.
For more detailed information or personalized assistance, please consult the in-product help documentation or contact your Transcend Customer Success representative.