Skip to content
Privacy Requests
Guides
Privacy Request Types

Configure Privacy Request Types

Fides supports eight privacy request types that map to data subject rights under GDPR, CCPA, and other privacy regulations: access, erasure, portability, consent, correction, restrict processing, automated decision review, and complaint. Each type has a seeded default policy that Fides creates automatically at startup.

This feature requires Fides Cloud or Fides Enterprise. For more information, talk to our solutions team. (opens in a new tab)

Available request types

Request typeAction typeDefault policy keyRequires user inputRelevant regulations
Accessaccessdefault_access_policyOptionalGDPR Art. 15, CCPA
Erasureerasuredefault_erasure_policyOptionalGDPR Art. 17, CCPA
Portabilityportabilitydefault_portability_policyOptionalGDPR Art. 20
Consentconsentdefault_consent_policyOptionalGDPR Art. 7, CCPA
Correction / Rectificationupdatedefault_correction_policyRequiredGDPR Art. 16
Restrict Processingrestrict_processingdefault_restrict_processing_policyRequiredGDPR Art. 18
Automated Decision Reviewautomated_decisiondefault_automated_decision_policyRequiredGDPR Art. 22
Complaintcomplaintdefault_complaint_policyRequiredGDPR Art. 77

Automated request types

Access, erasure, portability, and consent requests are processed through Fides integrations. These can include automated integrations, manual task integrations, or a combination of both.

Portability requests use the same pipeline as access requests and produce a data package in the same format, delivered to the same storage destination. No additional configuration is needed beyond what is required for access requests.

Manual request types

Correction, restrict processing, automated decision review, and complaint requests cannot be fulfilled automatically, they require user input. These request types create manual tasks that a user must complete.

The "Automated Decision Review" request type is named for the right it exercises (GDPR Art. 22, the right to contest automated decisions). The request itself is fulfilled manually by a human reviewer.

When a manual request is submitted, the request transitions to a "Requires Input" status. At this point the configured manual tasks are available for completion and assigned to the relevant users. For details on which roles can complete tasks, see Processing manual requests.

Configure the Privacy Center

To make a request type available to data subjects, add a privacy request action to the Privacy Center configuration on your property. Each action references the request type and defines the intake form that the data subject fills out.

  1. Navigate to Settings > Properties and select your property.
  2. Click the edit button on a privacy request action, or add a new one by choosing the request type you want to offer (e.g. "Correction / Rectification").
  3. Use the form builder to design the intake form, including identity fields and any custom fields.

You can also configure actions via the API or directly in config.json. See Configure Privacy Request Options for the JSON-based approach.

Set up manual tasks

Manual request types require a manual task integration so that users know what action to take when a request arrives.

Step 1: Create tasks

  1. Navigate to Integrations in the Admin UI.
  2. Click Add Integration and select Manual Task.
  3. Give the integration a name (e.g. "Customer data correction team").

Step 2: Configure task fields

  1. Open the integration and navigate to the Configure Tasks tab.
  2. Add a field for each request type you want to support. Select the request type from the dropdown:
    • Access
    • Erasure
    • Consent
    • Correction / Rectification
    • Restrict Processing
    • Automated Decision Review
    • Complaint
  3. Choose a field type (text, checkbox, or attachment) and provide a label that describes what the user should do (e.g. "Update customer info", "Confirm processing restricted").

The label you configure here is what users will see in the Admin UI when completing the task, so use something descriptive that tells them what action is expected.

Step 3: Assign users

Assign users to the integration. When a request of the matching type is submitted, assigned users will be notified and can complete the task from the Admin UI or the external portal.

For more details on task configuration and the completion workflow, see Processing manual requests.

Complete manual requests

When a data subject submits a manual request (correction, restrict processing, automated decision review, or complaint):

  1. Fides creates a manual task and transitions the request to "Requires Input" status.
  2. Assigned users receive a notification (via the digest email or the Admin UI).
  3. The user opens the task in the Manual Tasks tab of the Request Manager.
  4. Any custom fields the data subject provided (e.g. the field to correct, reason for restriction, complaint details) are displayed alongside the task.
  5. The user completes the task by providing the required response or confirming the action was taken.
  6. Once all tasks are complete, Fides marks the request as fulfilled and sends the completion email to the data subject.

Enable completion email templates

Each request type has its own completion email template that can be sent to the data subject when the request is fulfilled. These templates are automatically created at startup but are disabled by default. An administrator must enable each template before emails will be sent.

Request typeTemplate name
AccessPrivacy request complete (access)
ErasurePrivacy request complete (erasure)
ConsentPrivacy request complete (consent)
PortabilityPrivacy request complete (portability)
CorrectionPrivacy request complete (correction)
Restrict ProcessingPrivacy request complete (restrict processing)
Automated Decision ReviewPrivacy request complete (automated decision)
ComplaintPrivacy request complete (complaint)

For details on enabling and customizing email templates, see Email template types.

Choose custom fields for each request type

The custom_privacy_request_fields configuration lets you collect structured information from data subjects at intake time. While these fields are optional, certain request types benefit from specific fields that help users fulfill the request efficiently.

Request typeRecommended fieldsWhy
CorrectionSelect field for which data to correct, text field for the corrected valueUsers need to know what is wrong and what the correct value should be
Restrict ProcessingSelect field for reason, optional textarea for detailsThe legal basis for restriction determines how it should be handled
Automated Decision ReviewText field for which decision, optional textarea for reasoningUsers need to identify which automated process is in question
ComplaintSelect field for complaint type, required textarea for details, optional file uploadComplaints need enough detail to investigate, and supporting documents can be helpful
AccessGenerally not neededThe automated pipeline handles retrieval without additional input
ErasureGenerally not neededThe automated pipeline handles deletion without additional input
PortabilityGenerally not neededUses the same pipeline as access requests

For information on configuring custom fields, including conditional display logic and file upload support, see Custom request fields.