Data subjects and data actions
A DSR Workflow is a procedure for how your organization handles Data Subject Requests. With Transcend Privacy Requests, you can choose to customize your DSR workflow along several dimensions depending on things like how much human verification your company chooses to keep in the loop, what DSR types you choose to process, and how long after receiving an erasure request your company chooses to permanently erase the information in question.
This section is about configuring the "who" of your DSR Workflow. A Data Subject is a person whose data you control or process. In the context of , the term data subject refers to European human citizens, and does not include such entities such as companies or collections of people.
A single company may collect and/or process the data of a number of different types of data subjects. These data subjects could fall into types such as
Job Applicants, etc. Each of these different data subject types might have data stored and processed by different parts of your organization. Transcend helps to manage this abstraction by allowing you to specify and manage your organization's "Data Subjects" in the tab of the Admin Dashboard where you can specify such things as different login flows for different Data Subject types authenticating to the Privacy Center.
Right now, Data Subject types are custom configured on our end, but you would like to add additional data subjects, please email us at
This is about the "what" of a DSR Workflow and describes the operation that your customers might request you do with their data.
|Data Action||Description||Event Key|
|Access/Download||A request to access/download/export in machine-readable format.||ACCESS|
|Erasure/Deletion||A request to be forgotten and have all personal data removed from your systems.||ERASURE|
|Opt Out of Communication/Marketing||A request to be block-listed from future communications. An example of this is when someone unsubscribes from all marketing emails or SMS.||CONTACT_OPT_OUT|
|Opt in to Communication/Marketing||A request to opt a user into communication or marketing channels.||CONTACT_OPT_IN|
|Opt Out of Tracking/Analytics||A request to not be tracked.||TRACKING_OPT_OUT|
|Opt in to Tracking/Analytics||A request to re-enable tracking.||TRACKING_OPT_IN|
|Opt Out of Sale/Share of Data||A request to stop the sale or share of personal information.||SALE_OPT_OUT|
|Opt in to Sale/Share of Data||A request to opt back in to the sale or share of personal information.||SALE_OPT_IN|
|Opt Out of Automated Decision Making||A request to opt out of automated decision making.||AUTOMATED_DECISION_MAKING_OPT_OUT|
|Opt in to Automated Decision Making||A request to opt back in to automated decision making.||AUTOMATED_DECISION_MAKING_OPT_IN|
|Opt Out of Custom Purpose||An opt out for a custom type of request purpose.||CUSTOM_OPT_OUT|
|Opt in to Custom Purpose||An opt in for a custom type of purpose.||CUSTOM_OPT_IN|
|Opt Out of the Use of Sensitive Information||A request to limit the usage of sensitive information, a requirement under the CPRA.||USE_OF_SENSITIVE_INFORMATION_OPT_OUT|
|Opt in to the Use of Sensitive Information||A request to opt back into the use of sensitive information.||USE_OF_SENSITIVE_INFORMATION_OPT_IN|
|Rectification/Update Inaccuracies||A request to correct any inaccurate records.||RECTIFICATION|
|Restriction of Processing||A request to pause data processing activities.||RESTRICTION|
|Business Purpose Report||A request for a business report that describes which of your data we collect and for what purposes we use that data.||BUSINESS_PURPOSE|
|Place on Legal Hold||Place a particular person on legal hold by freezing access to their accounts.||PLACE_ON_LEGAL_HOLD|
|Remove from Legal Hold||Remove existing legal holds on a person.||REMOVE_FROM_LEGAL_HOLD|
You can enable automatic erasure fulfillment with a wait period. This gives time for the user or your team to cancel the erasure request. You can also disable automatic fulfillment and require an approval. You can make these changes by going to . Once there, click the edit icon on "Erasure" and you'll see a settings view. We currently support two types of wait periods:
When someone is deleting their account, you may want to give them the option to back up the data before deleting it for good. When this feature is in use the workflow will look like:
a) compile data for the user across the integrations b) after request is approved, send the user a DSAR download link and wait 2 weeks before deleting the account. The Data Subject has the option to cancel their request at any time on the Privacy Center. c) After the 2 week delay period, the erasure process will begin. At this time time, the user will no longer be able to download their data or cancel their request.
To enable this feature ensure the setting named "Begin erasure immediately and prevent file downloads" is unchecked. If you turn on this checkbox, there will be no delay period, and the request will begin to erase immediately after the request is approved.
For security reasons, you may want to wait to delete someones account for a day, a week or even longer. Delaying a request will allow you to send an email notification to the data subject explaining a reason in which they may want to cancel their request. To enable automatic erasure request fulfillment, enable "Delay After Verification" and choose a wait period in days.
To disable automatic erasure fulfillment and require an approval step before performing an erasure, disable "Delay After Verification".
To require an approval before sending the final report to the data subject, enable "Approval Before Send". Note that "Approval Before Send" only affects the final report, and not the actual data erasure. Use "Delay After Verification" to configure the data erasure step.