DataGrail in Action: Product Demo and Q&A – on Demand

Kendall Lovett: Hello, everyone.

Kendall Lovett: Thank you for joining us for this, on-demand

Kendall Lovett: Data Grail, walkthrough and product demo.

Kendall Lovett: I'm gonna give folks just a second to get to join here, and then we will dive into it.

Kendall Lovett: I know you've got a lot of things you could be doing on a…

Kendall Lovett: Tuesday, morning, or afternoon or evening for you, and so we appreciate you spending a little bit of time with us. We'll make this as,

Kendall Lovett: succinct and…

Kendall Lovett: informative as possible for you. Couple things to keep aware of, just housekeeping items, again, as we're waiting for folks to join. This is live, so, if you have questions, please ask them

Kendall Lovett: at any time, I'll do my best to address questions at the end, but I'll also, if, you know, relevant questions come up as I'm talking through things, I'll try and take them,

Kendall Lovett: As they come in as well, so you can use the Q&A box that's

Kendall Lovett: preferable, because that allows me to keep track of them more easily. You should be able to see a Q&A on your screen. There's also a chat function that we'll be monitoring as well.

Kendall Lovett: So with that, let's get into it. So I'm going to give you a brief overview of DataGrail, we'll go through a couple slides, and then we'll walk through a quick but succinct demo of the platform. So I'm Kendall, I lead product marketing at DataGrail.

Kendall Lovett: And, you know, one of the things that I want to kick off with is, when we talk about privacy management, privacy automation.

Kendall Lovett: what is sort of the key business objective, or the key driver of privacy, and how is that evolving? So, of course, protecting the privacy of our customers and their data that we collect and that they entrust us with is critical, and will always be critical.

Kendall Lovett: But as we're seeing trends change in the market, I think there's a couple of interesting things to call out here. So number one, the idea of risk and privacy risk has really grown in 2026. I think this is a really interesting study from Gartner, where,

Kendall Lovett: If you look at this chart over here on the right, for the first time.

Kendall Lovett: since, 2021, risk management is on the top 10 business priorities list for CEOs. This is not a privacy-specific study, this is just a general, what are the top strategic priorities for CEOs, and risk management comes in, into that top 10. You can see a 52% jump, which is really interesting.

Kendall Lovett: In addition, you know, some more detail there, what are the drivers of that risk management?

Kendall Lovett: Number one thing they called out is regulatory changes, and cybersecurity threats are challenging competitiveness.

Kendall Lovett: Of course, managing cybersecurity and privacy technology risks are going to be top of mind for CIOs, but I think it's really critical that we take a step back and think about, you know, from a CEO, from a business leader perspective, in 2021,

Kendall Lovett: when a lot of these CEOs thought about privacy risk, if they thought about it, then probably they were thinking GDPR, they were thinking, you know, if I'm…

Kendall Lovett: a…

Kendall Lovett: a major tech organization, if I'm Meta, or Google or Alphabet, then, you know, that's something I need to be really aware of. If I'm a Fortune 100.

Kendall Lovett: British Airways, someone like that, then I may be on the GDPR radar, but for the rest of us, this is not maybe the highest priority. However, there's been a lot of shift in the market since then.

Kendall Lovett: So, a few things to call out.

Kendall Lovett: Number one, I think there's sort of four factors that are driving this. So, number one is just the amount of, both

Kendall Lovett: litigation and enforcement has gone up dramatically. In fact, a recent study from Norton Rose Fulbright indicated that about 20-40% of U.S. organizations will experience some sort of privacy litigation.

Kendall Lovett: in 2026. That's as, more and more customers become aware of their privacy rights, as privacy rights continue to grow. And again, we're not talking about

Kendall Lovett: state or federal or government enforcement here. We're talking about private class action and litigation. As more and more customers become very aware, and as more…

Kendall Lovett: firms, track and look at if organizations and businesses are actually respecting things like do not sell or share rights, right, tracking, preferences, etc. In addition to that, of course, enforcement is also increasing, and we're seeing attorney generals.

Kendall Lovett: not only taking their own action, but also cooperating with, and in some cases, partnering with, private litigation to carry out enforcement. And we're no longer talking about just

Kendall Lovett: the large Fortune 100s, or the Metas, or the Alphabets of the world. We're talking about, you know, companies like, you know, Todd Snyder, who's a small to medium-sized business who was hit with a fairly large fine from California, as well as enforcement action a few months back.

Kendall Lovett: So I think this is sort of the number one factor that's driving this. Another thing is that, of course.

Kendall Lovett: in conjunction with this is that customer perceptions are changing, and the customers care about their privacy. You know, a recent study by Google indicated that 49% of customers would jump to a competitor if they offered a better privacy experience. I think this is a B2C,

Kendall Lovett: biased towards B2C organizations, but the truth is, all organizations are impacted by shifting customer perceptions around their privacy and how organizations should respect their privacy. And then finally, what's on everybody's lips? AI. Interesting to note that AI projects

Kendall Lovett: have a high propensity to fail, and that one in five of those, according to a recent study from S&P Global, fail or fail to meet their full ROI due to privacy. This is things like, hey, we've collected all this data.

Kendall Lovett: Do we have access, do we have rights to use this data? How long can we hold onto it? You know, what are the risks inherent in putting this sensitive or PII data into a

Kendall Lovett: GenAI or other AI project, and there's a lot of concern and risk about that. Without that visibility, it becomes really difficult to push these projects through. So I just want to call that out.

Kendall Lovett: As the why behind what we do what we do.

Kendall Lovett: So, DataGrail. DataGrail's approach is to be a complete data privacy platform. That's, has been our goal from the beginning. We are really geared towards privacy, security, compliance teams, non-technical teams that need to handle complex and large-scale privacy challenges with

Kendall Lovett: automation, and with intelligence. That's… that's our… that's our bread and butter, that's what we focus on. So at our core, you know, these four sort of key use cases, from data mapping and discovery.

Kendall Lovett: subject rights management, consent management, and privacy risk management are the four areas where we focus. And I'll show you in a minute how DataGrail uses patented detection and AI technology to really bring this all full circle from

Kendall Lovett: Figuring out what you've got, where your data is, how it's being used, what processing activities, are, you know.

Kendall Lovett: Leveraging your sensitive data that you're collecting on your consumers.

Kendall Lovett: how do we use that to then leverage and successfully and quickly automate DSR requests, whether we've got 10 or 10,000?

Kendall Lovett: DataGirl can handle that.

Kendall Lovett: And then, how are we representing that to our consumers on the front end, on our websites, in our mobile apps, and all of these areas, where we need to collect their consent and then ensure that we're actually respecting that preference that they've set?

Kendall Lovett: And finally, taking all of this information and putting it into a privacy risk management platform where we can both find

Kendall Lovett: detect…

Kendall Lovett: mitigate, and then show evidence of managing risk at scale. All of this is really built on DataGrail's integration network, 2,500 plus integrations, and this unified risk intelligence layer. That's probably enough of the architecture, so let's jump into what this thing

Kendall Lovett: actually looks like.

Kendall Lovett: And again, for those of you who've joined a little bit late, we will be taking questions throughout, so feel free to ask questions as we go, or, at the end, I'll save some time for that as well.

Kendall Lovett: Let's jump into the demo.

Kendall Lovett: So this is DataGrill.

Kendall Lovett: First thing you'll notice about DataGrill is that we are a unified platform, so everything you need from

Kendall Lovett: The full integration stack to, you know, any, privacy job to be done, whether you need to generate an assessment, track risks, consent management, look at your, you know, track your data map, request management, data discovery.

Kendall Lovett: all available in one place. We're not a platform built on a bunch of acquisitions or various tools that have been strung together, really foundationally built on a unified platform.

Kendall Lovett: So the way I like to start off when we think about consent… or, excuse me, when we think about privacy automation is the first thing we need to get is visibility into what's actually going on in our environment. DataGrill has a patented system detection approach.

Kendall Lovett: Where we don't just connect into your SSO tool. Yes, of course we can do that. We can connect into Okta or any of those other SSO platforms to start gathering systems, but we also have a patented system detection

Kendall Lovett: process where if someone adds, you know, a shadow IT tool, so, HR or marketing or somebody adds a new SaaS application, we can automatically detect those and flag them for you. So that's number one, is that, you know, we bring all these systems together.

Kendall Lovett: But beyond that, when we take a look at what's actually included in that system inventory, when a system comes into DataGrail, unlike with a lot of the other tools out there, we're not just gonna say, this system exists, here's a domain name.

Kendall Lovett: now you've got to either go tell us all this information about it, or you've got to go reach out to the… find the owner of this platform and get them to tell us all the information and send them a survey, or we've got to, you know, go run a scan and get access to credentials and go to a scan. DataGrill uses,

Kendall Lovett: AI and intelligence to automatically maintain and collect data for about 5,400 plus systems. When I say data, I mean metadata about what these systems are, what types of data they collect.

Kendall Lovett: How they're using it, and then we can use that to infer risk, and also any processing activities that are detected in that.

Kendall Lovett: So, for example, as we look at this system here, we've got, in this demo environment, 139 systems that have been detected in the system inventory by Datagrill. We can see, you know, 15.5 is an example here. I may come in as a privacy manager and say, I don't know what this is, I haven't heard of this tool before. I can see Datagrills indicating

Kendall Lovett: that there's high risk detected here. I can take a look at, okay, what processing activities is 15.5 involved in?

Kendall Lovett: What categories of data are they collecting? And again, this is just available the moment this system is connected in the data grill. We're not doing a scan, we're not going out and bugging anybody for this information. This is automatically available to you.

Kendall Lovett: And if I want, I can take a look deeper here at the system profile, and again, all this information is pre-filled, so I can come in and say, okay, this is performance management software, all right. I can automatically, DataGirl will scrape the privacy policy and any subprocessor data, so I can go look at that on their website if I want to.

Kendall Lovett: I can also look at,

Kendall Lovett: any risks that have been detected and decide what I want to do about those. So, DataGrill's flagged a risk here. I could click Review and see, okay, there's two risks here detected by DataGrill. One is AI and automated decision making.

Kendall Lovett: If I come in and look at more detail there, I can, get a quick overview of why this is a risk.

Kendall Lovett: Then I can choose to either, dismiss this, say, no, something we've already got covered.

Kendall Lovett: Or I can add it to my risk register, where we track risks centrally, and I can also choose to indicate an impact, a score. Beyond that, it's nice to know where you have risks, but ultimately, we want to know what we're going to do about them, right? So DataGrow will also suggest to you mitigation actions.

Kendall Lovett: So maybe 15.5 is a new system that's just gotten added, and we haven't run a risk assessment for it yet. And so I can kick off a risk assessment process automatically with Datagrail. I'll show you a little bit of what that looks like in a minute.

Kendall Lovett: And then I can also bring in collaborators, so if there's other people, a system owner or other folks that need to be involved in this process, we can kick that off and automate that process very quickly to help ensure that we are staying on top of any risks from these systems.

Kendall Lovett: And so that's a key part of it, but systems are only part of the story, right? Ultimately, we need to know, what are these systems doing with my data?

Kendall Lovett: So when we think about, processing activities, this is another piece of that data mapping puzzle, where DataGrail will also, in addition to finding information about the system, will also automatically recommend

Kendall Lovett: And, collect information about processing activities, how data is being processed throughout your environment.

Kendall Lovett: So, if we come to the processing activity section here, I could choose to add a new processing activity myself. DataGrow will also, again, suggest

Kendall Lovett: processing activities to me that maybe I haven't added yet, and I could come through and either automatically add all of these, or I could select, you know, just the one I want. Maybe I want to add an account and subscription management processing activity. I can see what systems DataGrail would connect to that processing activity that are involved in that process.

Kendall Lovett: And I can choose to add that, and then edit it myself, or add it manually. And again, the approach here is to streamline this as much as possible with intelligence.

Kendall Lovett: For you. So, if you think about it like, you know, it's gonna be tax season pretty soon. Many of us have probably used TurboTax. That's the way I like to think about the experience. There's a lot of information that

Kendall Lovett: needs to go into filling out a process activity to complete a ROPA, or to create… to create an assessment, that we already know about these systems and about the behavior of how they're using and processing sensitive data. We don't need to go ask

Kendall Lovett: the, you know, marketer who owns the system, or the, you know, ops person, we can infer a lot of this and get you 80% of the way there. So, for example, you'll see here, this is a processing activity that's been added for customer support. It's got a little, alert on it. We can take a look at it and see, okay.

Kendall Lovett: Here are the types of data that the system is collecting.

Kendall Lovett: any sensitive data is going to be flagged as such. Here are the types of subjects that it applies to. Here are the systems that are being used, right? And then I can see if I need to create Europa, this will flag to me, hey, here's the data we have related to EROPA for this… for this processing activity.

Kendall Lovett: A lot of this information, again, back to that TurboTax example, is going to be pre-filled, so we're automatically pulling this data in.

Kendall Lovett: And then you can say, okay, let's just take a look at what… what do we not know that you need from me? So I could look at only incomplete data and see, okay, we need to designate a joint controller, understand if joint controller is for this. For data transfers, we need to indicate a little bit of information here. There's two questions, right?

Kendall Lovett: And so I can come in and easily either fill this out myself, assign this to someone else to fill out, and instead of sending someone, like, a 50-page

Kendall Lovett: you know, ROPA document, or instead of tracking this in a spreadsheet, I'm just pre-filling, reviewing, and then adding any additional notes that DataGrill needs, and then we're off to the races. And from that point, I can easily

Kendall Lovett: download Europa and track this. DataGrow will also keep track of any activities that maybe need to be updated, that are getting stale, haven't been updated in, you know, the past 180 days, which is a ROPA requirement, and I could filter and see, you know, just those activities and update them accordingly.

Kendall Lovett: In addition, I'll show you quickly, the way we handle assessments. It's very similar, so I won't spend a ton of time on it, but from an assessment standpoint, you know, we can easily come in, and again, using that same approach of pre-filling information, DataGirl has out-of-the-box templates, pre-built.

Kendall Lovett: For many of the common assessments you're going to need to run, everything from a transfer impact assessment, DPIA, PIA, AI risk assessment, etc. And I could come in and see, you know, for example.

Kendall Lovett: If I wanted to create a DPIA for marketing.

Kendall Lovett: I could come in and, again.

Kendall Lovett: similar to what I've already shown you, DataGirl will automatically

Kendall Lovett: collect and fill out as much of this information as we can. We'll also, again, you'll notice a trend here, continue to flag any risks.

Kendall Lovett: that we're seeing, and you could also manually add risks here, too, as well, and say, you know, there's a problem or something that we need to address as we're filling out this DPIA, so we can keep track of that. And so, for example, in this situation, we've added a risk

Kendall Lovett: Related to potential unlawful data transfers that we're going to want to dig in… dig in on and see more about that. And all of that is available to you, in Risk Register. So this is a centralized place to track this information, so you can see that unlawful data transfer is tracked here.

Kendall Lovett: This is where we can go and have a complete list of what we're working on.

Kendall Lovett: Anything we need to mitigate.

Kendall Lovett: And then also a list of what has been mitigated, or what has been resolved, so we can keep track of performance over time.

Kendall Lovett: So when you think about this privacy management experience, the back-end experience of understanding what systems do we have, what types of data are those systems collecting.

Kendall Lovett: what processing activities is using that data? Is there any sort of high-risk activity, like AI processing or machine learning, you know, training going on as part of that? And then.

Kendall Lovett: how can I track that and ensure that we're managing any required assessments, ROPAs, all of that work? It goes from being very, very manual, very, very done in spreadsheets and email and, you know, sneaker mail, to all handled within DataGrail, all automated and streamlined as much as possible.

Kendall Lovett: So let's take a look at,

Kendall Lovett: Let's take a look at DSR management now. So when we think about the DSR process.

Kendall Lovett: Again, whether you get 10 requests a month or 10,000 requests a month, DataGirl can handle that. And what we've found from our customers is, depending on your industry and the type of business that you're in, it's not always about volume of requests.

Kendall Lovett: So we've got some customers that are in, you know, the B2C space, or they're handling a lot of consumer data, or they're dealing with highly sensitive data, and they may get thousands of access or deletion requests a month.

Kendall Lovett: And in many cases, if they're access requests, or they're very simple, basic requests, those can be fully automated, zero-click, end-to-end through data grills.

Kendall Lovett: API integrations that I mentioned earlier. There are other situations where we may have, sort of complex deletion requests, and we want to include a human in the loop in that process.

Kendall Lovett: DataGrill's very flexible in how we do that. And you'll notice that nothing that I've shown you so far and nothing I'm going to show you today requires, code. We make it, again, we realize that most privacy teams are not

Kendall Lovett: engineers, most privacy teams do not have a ton of access to development or engineering resources, and so while DataGirl does include

Kendall Lovett: access to things like a DataGirl API, if you want to go out and build your own custom solutions, we don't require that. Again, think of this more like Mac OS than Linux, and that's really the direction that we're trying to move, to help privacy teams access and manage this as much as possible.

Kendall Lovett: Themselves with automation.

Kendall Lovett: I'm gonna show you an example of what this looks like in the wild. So we're gonna go to one of our customers, Peloton.

Kendall Lovett: And we can see that, from their privacy page, DataGrill provides a hosted privacy request center. This can be as branded and customized as you'd like it to be.

Kendall Lovett: We'll also infer some things automatically. So, for example, this privacy request center knows that I'm in Utah, that's accurate, and it's going to give me a, you know, tailored experience to what rights are available to me in Utah.

Kendall Lovett: I can also come in here and customize this form as much as possible. We also have the ability to automate based on the user selections. So you could create an automated workflow based on all sorts of things, such as, you know, which products does this customer use? In this case, in the case of Peloton, they ask, is this a

Kendall Lovett: customer or an employee, and we're going to kick off a different workflow, depending on which one is selected, and I'll show you what that looks like in just a moment. But there's a lot of flexibility to make sure that we're handling the logic required to manage these DSRs, again, at scale, without you having to manually go in and run these.

Kendall Lovett: So to see an example of what that… of what that looks like.

Kendall Lovett: you know, in DataGrail, for DSR management, you don't have to create these automations, but let's take that example of the Peloton employee form.

Kendall Lovett: So in this case, if they were to create… if they were to submit a deletion request as an employee, then we can run and create a specific drag-and-drop automation workflow for that, where we can say, hey, I want you to check

Kendall Lovett: if this employee is covered by GDPR, if the GDPR policy pertains to them.

Kendall Lovett: And if they're a former employee. And if so, then we're gonna kick off the following

Kendall Lovett: Process, and that can include

Kendall Lovett: processing integrations in a certain order, so maybe we have a main database in Salesforce, or we have, like, a key, system of record. In this case, Greenhouse is our HR tool, that we want to make sure we hit first.

Kendall Lovett: and delete from those systems first, before we go run the process and all these other systems. Or maybe there's certain systems that we don't want to touch, and we know that. Essentially, what we're doing is we're replacing what typically is

Kendall Lovett: a human-to-human manual process of, again, emails, emails to system owners, right, emails to legal, or to our HR team, or whomever, and then following that leasing process, we're just automating that as a logic-based workflow. And again, all of this can be created

Kendall Lovett: with no code, very easy to do, and you don't have to create these to run DSR management, but they can be as simple or as complex as you want them to be.

Kendall Lovett: For time's sake, I'm going to keep, moving along here. The last piece we're going to hit on today is consent management. Now, DataGirl's approach to consent management is, what I like to call enterprise-grade consent without enterprise-grade complexity.

Kendall Lovett: So we make our consent platform as scalable and streamlined as possible. We're helping customers,

Kendall Lovett: you know, very, very large organizations, all the way down to, medium-sized businesses manage across either one domain or several domains, and a couple of ways that we approach that. So, number one, just how we

Kendall Lovett: approach consent from a configuration standpoint.

Kendall Lovett: Our default approach is a foundational integration with Google Tag Manager. The reason that we do this is because we find it streamlines

Kendall Lovett: the consent process on the website allows us to stay in sync with the website, and it allows DataGirl to become a unified place where marketing and legal and privacy and compliance can all operate together off the same tag management system. So that works well for a lot of our customers. However.

Kendall Lovett: If you don't use Google Tag Manager, if that's not something… you don't have the ability to do that, we also provide an embedded direct deploy option, which is very easy.

Kendall Lovett: We create the containers for you, we give you a snippet of code, you go put it on your website, and we can run directly on your site. And you can choose, you know, various settings about what you want to scan. For instance, if, you know, you use a

Kendall Lovett: a,

Kendall Lovett: management tool like Webflow, you can create specific integrations with Webflow or Shopify, etc. And that allows us to give you the flexibility you need to manage this in as streamlined a way as possible.

Kendall Lovett: The other thing you'll notice about DataGrill is that we are a holistic consent management tool, meaning that we're going to track, manage all of your trackers.

Kendall Lovett: And cookies and pixels, both.

Kendall Lovett: In browser, and things that are deployed third party. And so this allows us to automatically detect and bring these in. And this isn't, like, a monthly scan, this isn't something that we just require you to go in and run manually. We, run this continually. You can also automatically, you know.

Kendall Lovett: have it run that scan if you want, depending on, again, if you're using Google Tag Manager or you have a direct deploy model.

Kendall Lovett: But you can update that, and then again, we use AI to automatically detect the tracker, assign and recommend a category. Same thing with cookies. If you've got cookies, we have default rules. You can create your own rules.

Kendall Lovett: We'll also track unmanaged cookies and can automatically recommend and apply a rule to those so that you can stay on top of consent management and not

Kendall Lovett: Either have the concern of, False security, that, hey, this thing is just up and running, and, you know.

Kendall Lovett: we're good, right? You can see exactly what is managed and what is unmanaged and what needs your attention. At the same time, you always have clear visibility and clear auditability into consent compliance.

Kendall Lovett: Last thing I'll show you here real quick is just how easy it is to manage the consent banner with drag-and-drop tooling.

Kendall Lovett: So again, this should be a theme that you've heard a lot. Built for privacy teams. We don't require you to go write a bunch of SQL or JSON to deploy a consent banner. All of this can be done in a drag-and-drop manner.

Kendall Lovett: This can be customized to your brand as much as possible. I'll show you an example of that in just a second. And this is all, easily editable. So, for example.

Kendall Lovett: This sort of basic banner, we can include multiple layers, where we could say, you know, when they click

Kendall Lovett: customize my choices, right? We could take them to a category layer. We also have machine learning-driven,

Kendall Lovett: Translation here, so you can translate this into every language needed for you automatically.

Kendall Lovett: you can, show all that. We can also display tracker details. So, for instance, if you wanted to give them a full picture of,

Kendall Lovett: you know, what details and what trackers are being deployed on the page at the time. You can just quickly and easily add in a, you know, drag and drop here, where we will display that for them, and they can go in and review that.

Kendall Lovett: So all that's available to you. When you're ready to deploy that, you just…

Kendall Lovett: review and update, click a button, and we can automatically update that across all of your domains. Here's an example of what that looks like in practice. So this is one of our customers, XeroFox. You can see, simple, streamlined banner, fully aligned to their brand. Requirement, looks like it's part of their site.

Kendall Lovett: Multiple pages where they can come in and look at

Kendall Lovett: details around what's being tracked, make those selections easily, etc. In addition, you know, we'll also show, if they've got the GPC signal, you can add that in, where you can let customers know that we're already automatically respecting GPC or, any other sort of opt-out signal that may be deployed by the browser.

Kendall Lovett: So that's an overview of Datagrill. Again, this was a whirlwind. We covered a lot today in a short period of time.

Kendall Lovett: If you have any questions, now's a good time to ask them. Also wanted to,

Kendall Lovett: if you're interested in learning more about DataGrail, there is a survey here you can select, raise your hand, and we will, follow up. But again, ultimately, the goal here is to,

Kendall Lovett: The goal here, ultimately, is to give privacy teams a streamlined, AI-powered.

Kendall Lovett: Way to ensure compliance, eliminate risk, And drive customer trust.

Kendall Lovett: with as few engineering resources as possible. And I would just say that, you know, if you think about the teams that DataGrill is best for, we're really streamlined for organizations that, have a high

Kendall Lovett: risk, profile, so collecting a lot of sensitive data, as well as organizations that, where brand is on the line. You know, a lot of our customers are B2C organizations, organizations where they need to project that

Kendall Lovett: privacy.

Kendall Lovett: forward posture, and we make that as easy as possible to do. The outcomes of that are ensured compliance, right, faster AI adoption, because we're able to run and manage and unlock a lot of that, those AI projects with visibility into where the risks are, and staying on top of mitigating them quickly.

Kendall Lovett: And then, reducing that profile for organizations. So thank you for your time today. Hopefully this was helpful.

Kendall Lovett: And, we hope to talk with you again soon.

Kendall Lovett: Thanks, everyone.

Kendall Lovett: Thank you, have a great rest of your day.