This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Internal Systems Integration for Even Better DSR Automation

Marc Llahona, June 9, 2022

Today we are excited to announce the updates we have made to our Internal Systems Integration.

What Do We Mean By Internal Data Systems?

When a Data Subject Request is made, the personal data that needs to be accessed or deleted lives in both easy-to-integrate Third-Party SaaS apps and what we call “Internal Systems”. Connecting to data in “Internal Systems” is more complex. It typically requires engineering resources, data is sensitive in nature with a high level of security and scalability considerations.

Examples of internal systems include:

  • Custom Databases:
    MongoDB, MySQL
  • Data Warehouses or Data Lakes:
    Snowflake, Redshift
  • Unstructured Data Stores:
    Elasticsearch, AWS S3
  • Internally Built Applications:
    Proprietary platforms and apps

DataGrail’s Internal Systems Integration capability makes it easier than ever for privacy teams to process data subject requests (DSRs) when personal data lives in internal systems like databases, data warehouses, or homegrown apps.

Connect to Personal Data, Wherever It Lives

DataGrail is known for how we leverage integrations to make privacy teams’ lives easier. We make it easy to get control of your data and automate DSRs. It’s all fueled by our DataGrail Integration Network, which does the heavy lifting to connect your privacy program with 1500+ of the most popular apps and infrastructure. Integrating with third-party SaaS apps like Salesforce, Zoom, Shopify, Braze, and Outreach is more important than ever as companies deploy more and more apps over time.

Yet privacy teams need to connect to personal data for access or deletion requests wherever it lives. And this includes Internal Systems—sometimes called first-party systems—which represent critical data infrastructure with a high level of security and scalability considerations.

Giving anyone outside your company direct access to your database is a security risk that can affect the integrity of your systems and the data stored in them. That’s why we’ve taken an API-based approach with Internal Systems Integration. Privacy teams can reduce the risk of DSRs getting processed too slowly or in an incomplete way when it comes to data stored in internal systems. And they’re able to process DSRs in just a few clicks.  But it doesn’t compromise on security and scalability. With an API between your systems and DataGrail, you can enforce least privilege principles with authenticated, tailored API access, and reduce the risk of data loss.

DSR Volumes Are Growing, So Secure Automation Is a Must-Have

As new privacy regulations emerge, and companies grow, they can expect volumes of data subject requests to increase as more people exercise their newfound privacy rights. That makes it more critical than ever for privacy teams to automate DSR fulfillment in a secure and controlled way.

Privacy teams have not always had great options for accessing or deleting personal data stored in Internal Systems for DSRs. Often have to rely on manually tracking, managing, and fulfilling requests through emails and spreadsheets, while still spending valuable engineering resources to access or delete personal data manually. Using automated solutions that require the need to give privacy vendors risky query access directly to their internal production systems.

Working with our customers, we understand that data in Internal Systems must be handled delicately because it is often:

  • Highly-sensitive: the data most critical to operating your business
  • Delicate: Altering certain data may have downstream effects (think of deleting a customer record and losing all revenue accounting for their associated orders)
  • Fluid: modern organizations move fast, and their internal data footprint can change rapidly. In some organizations, self-serve tools might allow a wide range of individuals to make changes to internal data structures

Our Solution

To solve the above pain points, we’ve introduced the DataGrail API Agent. This agent can be installed in your infrastructure and handles the communication between the DataGrail Application and your internal systems via a REST API interface.

The benefits of this approach include:

1. Connect to any and all internal systems

Install the agent once, and connect to any and all internal systems. Typical internal systems, AKA first-party systems, that you can connect with include:

  • Databases (e.g., MongoDB, MySQL, Postgres)
  • Data warehouses/lakes, (e.g., Redshift, Snowflake)
  • Unstructured data stores, (e.g., Elasticsearch, AWS S3)
  • Internally built applications (AKA homegrown apps or bespoke systems)

2. One seamless DSR workflow

Privacy owners can review data from any system—internal systems and third-party SaaS apps alike—and fulfill DSRs in a few clicks, all from our easy-to-use admin console.

3. Scale with your current and future data infrastructure

Your technical team is the expert on your data and internal systems, our solution allows you to create any business logic you would like in your own systems while maintaining a standardized interface with the DataGrail application. Our approach ensures separation of concerns between your internal data operations and the privacy operations of fulfilling DSRs in DataGrail.

Learn More About Internal Systems Integration

The DataGrail Agent for Internal Systems Integration is designed to be simple, robust, and flexible, enabling you to connect DataGrail to any of your internal data in a secure manner while maintaining a clear separation of concerns between your internal data operations and DSR request fulfillment in DataGrail. The DataGrail team is available to assist in your deployment of this technology in your internal environment. Current DataGrail customers can now contact their customer success manager to learn more about this new and improved capability.

For prospective customers, request a demo here to learn more about how we can help you automate even more of your data subject request process.

Stay informed on the latest data privacy news and privacy regulations and insights with our newsletter.