Processing privacy requests

Privacy request processing is the process by which approved privacy requests are submitted to internal database or third party SaaS applications to be fulfilled. Said differently, processing is the execution of the privacy request that ensures that the legal obligation has been fulfilled.

For Access or Portability requests, Fides will send a request to the data store to return a machine-readable package containing all personal data that is found about the data subject.
For Erasure or Rectification requests, Fides will send a request to the data store to erase, mask, or update all applicable personal data that is found about the data subject.

Methods for sending requests

There are multiple methods available for sending privacy requests to database or third party SaaS vendors:

API requests: This is the preferred way to process privacy requests and uses an interface provided by the database or third party SaaS vendor.
Email requests: Email requests use a pre-configured email template to submit privacy requests the vendor using an email provided in their privacy policy.
Manual requests: Fides can be configured to use a webhook to connect to an application and execute requests.

Some methods have limitations on the types of privacy requests that can be supported. For example, we cannot currently support access requests over email because we can't enforce that the package returned is well-formatted or machine-readable.

See the relevant sections below to learn more about each approach:

API requests

This is the preferred way to process privacy requests and uses an interface provided by the database or third party SaaS vendor.

In order to configure privacy requests using an API, you will need to:

Gather credentials with the appropriate permissions.
Generate & annotate a dataset to describe the data store (if the application is a database).
Configure an integration to the application or database.
Review and update the privacy request execution policy (if desired).

Gathering credentials

Fides uses Integrations to submit privacy requests to databases and third party SaaS applications. In order to execute the appropriate queries to satisfy privacy requests against a data store, Fides will need credentials for an account with permission to perform these operations.

When you have gathered these credentials, you can proceed to generate your dataset if you're using a database, or skip ahead to configure an integration, for SaaS connections.

Generating datasets

A dataset is a configuration file that describes, to Fides, how to interact with your databases for the purpose of processing privacy requests. A dataset describes where categories of personal data (e.g. user contact info) can be found and how fields in tables or collections are related so that Fides can traverse the data to fulfill privacy requests.

Datasets also are required to integrate with SaaS applications. However, Fides pre-configures these datasets and they typically work out-of-the-box.

In order to generate an actionable dataset, you will need to:

Once the dataset configuration complete, you can move to the next step and link the dataset to an Integration.

Configuring integrations

An Integration connects Fides to your databases and third-party SaaS applications, allowing Fides to execute privacy requests against all data in your organization. To learn how to configure integrations in Fides, please see our guide for Integrating systems.

Managing policies

A privacy request policy is a set of rules that are executed when a data subject submits a privacy request. The policy describes how Fides should return or erase data to satisfy the privacy request.

A privacy request policy consists of:

Rules: these define which actions to take when a privacy request with the corresponding action_type is submitted
Rule targets: these are the data categories to which the rule applies, as annotated in the previous step.

Fides ships with two default privacy request policies: download (for access requests) and delete (for erasure requests).

The download policy is configured to retrieve user data and upload this data to a local storage location.
The delete policy is configured to mask user data with the string "MASKED".

To learn how to configure custom policies, please see our guide for Configuring privacy request policies.

Configuring storage

Access requests produce a package of personal data upon completion, if data is found. This data will need to be uploaded to a storage destination (e.g. an S3 bucket) in order to be returned to the user.

To learn how to configure a storage destination, please see our guide for Creating a storage destination.

Troubleshooting

To learn how to debug common issues with API-based privacy requests, please see our guide for Identifying & debugging issues

Email requests

To configure Fides to send erasure requests via email, follow these steps:

Navigate to the system: Data map → View Systems and choose the system that you want to integrate with.
Click on the Integrations tab.
Select Generic Erasure Email from the drop-down menu.
Enter the SaaS application name
Enter the Recipient email address (typically privacy@[company].com).
Enter a Test email address, if desired. This will send a copy of the email request to the specified address.
Click Save.

We cannot currently support access requests over email because we can't enforce that the package returned is well-formatted or machine-readable.

Processing manual requests

Overview

Manual task integrations provide a mechanism for fulfilling data access and erasure requests for systems that lack a programmatic interface. When a privacy request is submitted, the Fides privacy request workflow executes as a directed acyclic graph. This process runs manual tasks in parallel with automated integrations, ensuring efficiency. Once the workflow reaches a point where manual intervention is necessary, the privacy request's status transitions to "Requires Input," and tasks are generated.

Task Creation and Assignment

Upon the submission of a privacy request, the system generates manual tasks corresponding to the specific request type, either access or erasure. These tasks are then automatically assigned to the internal or external users who were designated as responsible during the integration configuration.

Task Fulfillment

Internal Users

Registered Fides users can view and manage their assigned tasks directly within the Fides user interface. A dedicated "Manual Tasks" tab in the Request manager lists all tasks assigned to the logged-in user. From this interface, users can provide the necessary information for access requests or confirm deletion for erasure requests.

Internal users who are assigned to the roles of "Viewer" will only be able to view the tasks assigned to them. Approvers, Contributors, and Owners will be able to view and complete all tasks in ths system.

External Users

Fides also accommodates users who are not registered with the system, such as external vendors or partners. These users interact with their assigned tasks through a secure, external portal hosted on the Fides Privacy Center.

Accessing the Portal: External users receive an email containing a secure link to the portal when they are first assigned to a task. To access the portal, the user must click the link and verify their identity by entering their email address. A one-time password (OTP) is then sent to their email, which they must enter to gain access.

Task Management: The external portal displays a list of tasks assigned specifically to that user. They can then fulfill access or erasure requests directly through this interface.

Completing and Skipping Tasks

Once a user, whether internal or external, completes their assigned task, the privacy request workflow resumes its execution.

Access Requests: For access requests, users can upload files or provide text. Any files provided are included in the final data package delivered to the individual who made the request.

Erasure Requests: For erasure requests, users are presented with a checkbox to confirm that the subject's data has been deleted from the relevant system.

Skipping Tasks: If a user cannot find any data corresponding to the data subject, they have the option to skip the task. In this scenario, they are required to leave a comment explaining why the task was skipped, providing an audit trail for the action.

Managing External Users

The assignment of external users to tasks is managed within the task configuration settings. If an external user's responsibilities change, or if they leave an organization, they can be removed from the task configuration at any time to revoke their access and task assignments. Read more about managing users.

Workflow Completion

After all manual and automated tasks are completed, the privacy request is marked as fulfilled.