How to Manage A Deluge of Data Privacy Requests

Kavitha
affinityanswers-tech
4 min read · Dec 26, 2023

How we at Affinity Answers handled a deluge of Data Subject Access Requests (DSAR).

Affinity Answers, by virtue of handling consumers' personal data, is subject to the emerging privacy regulations and must comply with consumers' rights. Consumers can send Data Subject Access Requests (DSARs) to exercise their rights under data protection laws, such as the General Data Protection Regulation (GDPR) in Europe or similar laws in other regions.

What is Data Privacy?

Data privacy empowers individuals to maintain control over their personal information. It allows them to decide how their data is collected, used, and shared. Entities that aggregate personal information bear the responsibility of safeguarding and ensuring the security of such data.

According to the California Consumer Privacy Act (CCPA), consumers are given greater control over the personal information that businesses amass about them. The following are specific privacy rights granted to consumers as per CCPA.

  • The right to be informed about the personal information that a business acquires, along with details on its utilization and sharing.
  • The right to request the deletion of personal information collected about them, subject to certain exceptions.
  • The right to opt out of the sale or sharing of their personal information.
  • The right to non-discrimination when exercising their CCPA rights.

Under GDPR and the US state privacy laws, the response time for each right varies, and it is imperative to comply with these laws. Affinity Answers has always been a privacy-first company and has been compliant ever since GDPR, the first regulation, went into effect in May 2018. As subject access requests started scaling, automation was put in place to reduce manual effort and stay compliant.

What was the challenge?

The challenge was an overflow of data privacy requests.

Our inbox has been inundated with requests related to data privacy. Initially we handled the requests traditionally, but an abrupt surge resulted in an overwhelming influx. With the request volume relatively high, it is not efficient to manually extract the personal data mentioned in each request (refer to the image below) and respond by hand. We did process the requests manually when the flow was less than 5 per day.

The sample data removal request mail is given in the screenshot below. Our goal is to get the Subject of the mail, Date, Name, Address, Email, and sender’s mail address.
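The extraction goal stated above (Subject, Date, Name, Address, Email, sender address), as an added example in plain JavaScript; it is not the original post's script. The "Label: value" mail layout, the function names and the sample message are assumptions. Because mail content is untrusted, it also neutralizes values a spreadsheet would evaluate as formulas and flags requests whose sender does not match the address they name.

```javascript
// Added example: field extraction for a DSAR mail. The "Label: value" body
// layout and all sample values below are constructed assumptions.
const FIELDS = ['Name', 'Address', 'Email'];

// Mail text is untrusted. A cell whose text starts with = + - or @ can be
// evaluated as a formula, so prefix an apostrophe to force plain text.
function neutralizeCell(value) {
  const text = String(value == null ? '' : value).trim();
  return /^[=+\-@]/.test(text) ? "'" + text : text;
}

// "Jane Doe <jane@example.com>" -> "jane@example.com"
function senderAddress(fromHeader) {
  const m = /<([^<>\s]+)>\s*$/.exec(fromHeader);
  return (m ? m[1] : fromHeader).trim().toLowerCase();
}

// msg: {from, subject, date, body} as plain strings (assumed shape).
function parseDsarMessage(msg) {
  const found = {};
  for (const line of msg.body.split(/\r?\n/)) {
    const m = /^\s*(Name|Address|Email)\s*:\s*(.+?)\s*$/i.exec(line);
    if (!m) continue;
    const key = FIELDS.find(f => f.toLowerCase() === m[1].toLowerCase());
    if (!(key in found)) found[key] = m[2];   // first occurrence wins
  }
  const sender = senderAddress(msg.from);
  const email = (found.Email || '').toLowerCase();
  const validEmail = /^[^\s@<>]+@[^\s@<>]+\.[^\s@<>]+$/.test(email);
  // Missing fields, a malformed address, or a request sent from a different
  // mailbox than the one it names go to manual review.
  const needsReview = !found.Name || !validEmail || email !== sender;
  const row = [msg.subject, msg.date, found.Name, found.Address, email, sender]
    .map(neutralizeCell);
  return { row, needsReview };
}

// Constructed sample message.
const sample = {
  from: 'Jane Doe <jane.doe@example.com>',
  subject: 'Data deletion request',
  date: '2023-12-01',
  body: 'Please delete my data.\nName: Jane Doe\n' +
        'Address: 1 Main St, Springfield\nEmail: jane.doe@example.com\n',
};
console.log(parseDsarMessage(sample));
```

In Apps Script, the returned `row` can be passed to the sheet's append call, with `needsReview` written to an extra column for the privacy team.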

Why is automation important here?

Automating tasks in Gmail using Apps Script not only saves valuable time but also enhances the efficiency of managing the mailbox.

Here comes Apps Script!

Let’s extract the requests from the inbox to the spreadsheet.

Integrating Gmail and Google sheet via Apps Script

Follow these steps to get the requests into the spreadsheet.

  1. Create a new Google Spreadsheet.
  2. Create an Apps Script project by navigating to Extensions > Apps Script, and create a function using the Apps Script editor.
  3. Create a function to add a custom menu to execute the Google Apps Script.
  4. Schedule the trigger to run the Apps Script as required.

There are certain limitations in Google Apps Script when extracting emails to populate a spreadsheet. The limit is 500 emails/day for Gmail/Google Apps users. To extract more emails, paginate the responses using the page_token (covered in detail in the script below).

Scripts for different use cases:

  1. To get the FIRST 500 emails:

  2. To get MORE THAN 500 emails:

  3. To get the emails from LABELS:

  4. To get NEW emails only:

We can create custom menus within Google Sheets, enabling end users to conveniently access the features that we’ve developed using Google Apps Script.

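function onOpen() {
  // Adds a custom menu when the spreadsheet is opened.
  var ui = SpreadsheetApp.getUi();
  ui.createMenu('GetMeInSheet')
    // Menu item 'Get Email' runs the getEmailsHere function.
    .addItem('Get Email', 'getEmailsHere')
    .addToUi();
}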

Schedule Time-driven trigger:

Time-driven triggers are used to run a function in the script periodically or at a specific date and time in the future.

Conclusion

Automating the process of extracting emails and integrating them into a spreadsheet has saved significant time, minimized the likelihood of human errors, and promoted overall workflow efficiency. Now handling DSAR requests is no longer a nightmare.
