Data subjects and data actions

A DSR Workflow is a procedure for how your organization handles Data Subject Requests. With Transcend Privacy Requests, you can choose to customize your DSR workflow along several dimensions depending on things like how much human verification your company chooses to keep in the loop, what DSR types you choose to process, and how long after receiving an erasure request your company chooses to permanently erase the information in question.

The following sections can be configured in the Admin Dashboard on the "Data Subject Requests" settings tab.

This section is about configuring the "who" of your DSR Workflow. A Data Subject is a person whose data you control or process. In the context of GDPR, the term data subject refers to European human citizens, and does not include such entities such as companies or collections of people.

A single company may collect and/or process the data of a number of different types of data subjects. These data subjects could fall into types such as Customers, Employees, Contractors, Job Applicants, etc. Each of these different data subject types might have data stored and processed by different parts of your organization. Transcend helps to manage this abstraction by allowing you to specify and manage your organization's "Data Subjects" in the Request Settings → tab of the Admin Dashboard where you can specify such things as different login flows for different Data Subject types authenticating to the Privacy Center.

Right now, Data Subject types are custom configured on our end, but you would like to add additional data subjects, please email us at

This is about the "what" of a DSR Workflow and describes the operation that your customers might request you do with their data.

In Transcend the following actions that are custom-tuned to be compliant with key regulations under GDPR and Full Text: CCPA.

Data ActionDescriptionEvent Key
AccessA request to access/download/export in machine-readable format. ACCESS
ErasureA request to be forgotten and removed from your systems.ERASURE
Opt Out of Communication/Marketing EmailsA request to be blocklisted from future communications. An example of this is when someone unsubscribes from all marketing emails.CONTACT_OPT_OUT
Opt Out of TrackingA request to not be tracked.TRACKING_OPT_OUT
Opt Out of Automated Decision MakingA request to prevent automated decision making about them.AUTOMATED_DECISION_MAKING_OPT_OUT
Opt Out of Sale of InformationA request to stop the sale of their personal information.SALE_OPT_OUT
Update InaccuraciesCustomers request that you correct information you have on them. This may be something as simple as "change the address you have for me on record".RECTIFICATION

You can enable automatic erasure fulfillment with a wait period. This gives time for the user or your team to cancel the erasure request. You can also disable automatic fulfillment and require an approval. You can make these changes by going to Settings -> Data Subject Requests. Once there, click the edit icon on "Erase" and you'll see a settings view.

We currently support two types of wait periods:

When someone is deleting their account, you may want to give them the option to back up the data before deleting it for good. When this feature is in use the workflow will look like:

a) compile data for the user across the integrations b) after request is approved, send the user a DSAR download link and wait 2 weeks before deleting the account. The Data Subject has the option to cancel their request at any time on the Privacy Center. c) After the 2 week delay period, the erasure process will begin. At this time time, the user will no longer be able to download their data or cancel their request.

To enable this feature ensure the setting named "Begin erasure immediately and prevent file downloads" is unchecked. If you turn on this checkbox, there will be no delay period, and the request will begin to erase immediately after the request is approved.

For security reasons, you may want to wait to delete someones account for a day, a week or even longer. Delaying a request will allow you to send an email notification to the data subject explaining a reason in which they may want to cancel their request. To enable automatic erasure request fulfillment, enable "Delay After Verification" and choose a wait period in days.

To disable automatic erasure fulfillment and require an approval step before performing an erasure, disable "Delay After Verification".

To require an approval before sending the final report to the data subject, enable "Approval Before Send". Note that "Approval Before Send" only affects the final report, and not the actual data erasure. Use "Delay After Verification" to configure the data erasure step.