SAN FRANCISCO--(BUSINESS WIRE)--DataGrail, a leading data privacy platform, announced that it is enhancing its DSR automation capabilities to internal data systems such as custom databases, data warehouses, unstructured data stores, and internally built apps. DataGrail already fully integrates with 1300+ third-party SaaS applications, and the new API + agent allows companies to access, delete or anonymize data that lives in any other internal data system, from custom databases to internally built applications. The addition of the internal systems Integrations agent + API means that DataGrail offers the most automated and complete Data Subject Request Management tool available today.
Unlike third-party SaaS applications, most internal systems and some third-party apps lack public-facing APIs and agents that enable seamless integration of their data. A lack of a standard API makes extracting and untangling customer data from such systems incredibly challenging. Until now, organizations have relied on manual deletion and anonymization processes from engineering - these manual processes can create risk due to human error. Or they are connecting directly to an external app to carry out deletion processes which increases risk.
“Completing even a single DSR is an incredibly labor intensive process, and companies with the best intentions for upholding data privacy have not been able to figure out how to fully remove customer data from the intricate web of internal systems. This is a massive problem as more and more consumers seek control over how their personal information is retained and used,” said Daniel Barber, CEO and founder of DataGrail. “With our new API + agent, it doesn’t matter how complex a system is or how many SaaS applications are interwoven; DataGrail can automate DSR fulfillment.”
Challenges With DSR Fulfillment in Internal Data Systems
Today more people than ever before are acting on their rights to access or delete their personal information from businesses. According to DataGrail’s latest California Consumer Privacy Act (CCPA) Trend Report, the volume of DSRs and deletion requests nearly doubled from 2020 to 2021. Additionally, companies are now receiving DSRs from all 50 states, and the numbers are only expected to grow with new privacy legislation on the way, both in California and in additional states. This means that businesses must be able to connect to every system that holds personal data to remain in compliance.
Nearly every business has personal data living in third-party SaaS applications and what DataGrail calls internal data systems (i.e., anything outside of third-party SaaS such as custom databases, data warehouses, unstructured databases, or internally built apps). The challenge with connecting to internal data systems compared to third-party SaaS apps is that each internal system requires a unique setup, and the data stored in these systems is often highly sensitive and requires manual engineering resources to access. DataGrail has long been able to connect to third-party SaaS apps like HubSpot, Shopify, and Stripe, and now the company is offering a time-saving way to connect internal systems for complete DSR automation.
According to Gartner’s November 2021, Market Guide for Subject Rights Request, “Organizations face great challenges in sifting through structured and unstructured data stores spread across repositories — whether on-premises, in the cloud or with partners and subprocessors. In addition to the discovery and retrieval requirement, organizations must also ensure that they are not violating another user's privacy rights or exposing intellectual property when responding to SRRs. For those reasons, request fulfillment must follow a repeatable and scalable process in order to remain manageable and efficient.”
The New DataGrail Internal Systems Integration
DataGrail has worked closely with its customers to develop this secure and controlled solution to overcome the challenges posed by fulfilling DSRs across internal systems.
This integration can be installed once and connect to any internal system:
- Guarantees sensitive data is handled with care. Because a lot of very sensitive data is held in internal systems, any integration must be secure. DataGrail embraced an API + agent approach vs. a direct connection to ensure companies remain in control of their data at all times.
- Limits negative downstream impact. DataGrail customers are the experts on their data and business logic. Therefore, they maintain full control over the methods and tactics of retrieving the data from their systems before anything is deleted. This way things like the deletion of a data subject’s personal information will not impact historic revenue tracking.
- Automates workflows. The new API + agent reduces manual labor and minimizes the need for engineering resources to fulfill DSRs in internal systems. The moment a data subject makes a request, DataGrail automates the entire process end-to-end. It can be handled by a program manager without the need to engage engineering or IT.
- Scales efficiently. With the DataGrail API + agent, teams only have to build and configure the API + agent once and it will connect to any internal system. This allows companies to easily add new data systems that will automatically connect to the DataGrail application.
- Minimizes risk with universal integration. The DataGrail API + agent can integrate with any internal system regardless of risk profile or engineering capabilities. Integration can happen with DataGrail deploying its API + agent in the company’s infrastructure, using direct contact for companies with low volume of DSRs, or providing API Specs so that companies can build the API themselves.
“We want to simplify DSR fulfillment as much as possible for all companies. Doing so is good for their business, as well as good for consumers,” added Barber. “The new DataGrail API + agent is a profound yet practical solution that will change the privacy game moving forward.”
Learn more about the new DataGrail API + agent on our blog.
DataGrail is the privacy platform brands rely on to build customer trust and transparency. Our easy-to-use platform enables brands to automate data subject requests and gain control of their data, so they can stay compliant with regulations like GDPR, CCPA, and CPRA. With 1000+ pre-built connections with popular apps and infrastructure, the DataGrail Integration Network is the first of its kind to detect shadow IT that may contain personal data, ensuring the most accurate data foundation. DataGrail services millions of consumers, through companies like Overstock, Dexcom, Databricks, Outreach, and has 4.8/5 stars on G2. DataGrail is backed by leading VCs and strategic investors, including Felicis, Cloud Apps Capital Partners, Operator Collective, HubSpot, Okta Ventures, Next47 and American Express Ventures. Visit www.datagrail.io or follow DataGrail on Twitter and LinkedIn to learn more.