
DSAR Intake Tracker

Example prompt: "When someone submits our privacy request form on Typeform, create a row in our 'Privacy Requests' Airtable with a new case ID, their name, the request type (access, deletion, correction, or objection), the submission date, and a due date 30 days out. Send the requester an acknowledgement email from Gmail confirming we've received their request and that we'll respond within 30 days. Post a notification in #privacy on Slack with the case ID, request type, and due date so the DPO can triage it. If the request is for deletion or mentions a specific product, also @mention the relevant product owner."

The Problem

Data Subject Access Requests under GDPR and the UK DPA carry a one-month statutory response deadline, with limited grounds for extension. In practice the clock starts ticking the moment the request lands, but the request itself might arrive by email, a web form, or via a customer support ticket, and it can sit for days before anyone realises what it is. Miss the deadline and you have a reportable incident. Track it in a shared inbox and you get inconsistent acknowledgements and no audit trail of who did what.

How GloriaMundo Solves It

We build a workflow triggered by new submissions to a dedicated privacy request form. An integration step reads the form response and a code step computes the 30-day statutory due date. An LLM step drafts a clear, plain-English acknowledgement email and tailors the Slack notification based on the request type. Integration steps log the case in an Airtable tracker, send the acknowledgement from Gmail, and post a triage message to the privacy Slack channel. A conditional step routes deletion or product-specific requests to the relevant owner. Glass Box preview shows the exact tracker row, email, and Slack message before anything is sent, so the DPO can see and amend the response before the requester receives it.

Example Workflow Steps

  1. Trigger (webhook): Fires when a new privacy request is submitted through the Typeform intake form.
  2. Step 1 (integration): Fetch the full form response from Typeform, including the requester's name, email, and selected request type.
  3. Step 2 (code): Generate a case ID, compute the 30-day statutory due date from the submission timestamp, and normalise the request type field.
  4. Step 3 (integration): Create a row in the 'Privacy Requests' Airtable base with the case ID, requester details, request type, submission date, due date, and a status of "awaiting triage".
  5. Step 4 (LLM): Draft a polite acknowledgement email confirming receipt of the request, the case ID, and the 30-day response timeframe.
  6. Step 5 (integration): Send the acknowledgement from Gmail to the requester.
  7. Step 6 (LLM): Draft a triage summary for the privacy team, noting the request type, urgency, and any product the requester mentioned.
  8. Step 7 (conditional): If the request type is deletion or the submission mentions a specific product, add an @mention for the product owner defined in the Airtable routing table.
  9. Step 8 (integration): Post the triage message in #privacy on Slack with the case ID, request type, due date, and any @mentions.
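
The logic of the code step (Step 2) and the condition in Step 7, sketched as an added example; this is not GloriaMundo's own code. The case ID format, the synonym lists, the function names and the product names in the usage are assumptions made for illustration.

```python
import re
import secrets
from datetime import datetime, timedelta, timezone

# Canonical request types named on the page; the synonym lists are assumptions.
REQUEST_TYPES = {
    "access": ("access", "copy of my data"),
    "deletion": ("deletion", "delete", "erasure", "erase"),
    "correction": ("correction", "correct", "rectification", "rectify"),
    "objection": ("objection", "object"),
}
RESPONSE_WINDOW = timedelta(days=30)  # the 30-day due date the workflow uses


def normalise_request_type(raw):
    """Map the form's request-type value to one canonical type."""
    text = re.sub(r"\s+", " ", (raw or "").strip().lower())
    for canonical, synonyms in REQUEST_TYPES.items():
        if any(s in text for s in synonyms):
            return canonical
    return "unclassified"  # never drop a request; leave it for manual triage


def build_case(submitted_at, raw_type, message, products):
    """Return tracker fields for one submission (Step 2 plus the Step 7 test)."""
    ts = datetime.fromisoformat(submitted_at.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        # A naive timestamp could shift the deadline by a day; reject it.
        raise ValueError("submission timestamp must carry a UTC offset")
    ts = ts.astimezone(timezone.utc)  # compute all dates in UTC
    req_type = normalise_request_type(raw_type)
    body = (message or "").lower()
    mentioned = [p for p in products if p.lower() in body]
    return {
        # Hypothetical ID format: date plus a random suffix, not a guessable counter.
        "case_id": f"DSAR-{ts:%Y%m%d}-{secrets.token_hex(3).upper()}",
        "request_type": req_type,
        "submitted": ts.date().isoformat(),
        "due": (ts + RESPONSE_WINDOW).date().isoformat(),
        "status": "awaiting triage",
        "products": mentioned,
        "notify_owner": req_type == "deletion" or bool(mentioned),
    }
```

Unrecognised request types are kept as "unclassified" so the case still reaches the tracker with a due date and is sorted out at triage.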

Integrations Used

  • Typeform — the customer-facing privacy request intake form
  • Airtable — the tracker holding all open and closed privacy requests, with statutory deadlines and status
  • Gmail — sends the acknowledgement email to the requester
  • Slack — triage notification in the privacy channel for the DPO and product owners

Who This Is For

Data Protection Officers, privacy counsel, and operations leads at companies that receive DSARs on a regular basis — typically any business handling personal data for UK or EU residents, where missed deadlines are a regulatory and reputational risk.

Time & Cost Saved

Manually triaging a DSAR, logging it, and sending a proper acknowledgement takes 15-30 minutes per request and is easy to drop when priorities compete. This workflow reduces the intake effort to a glance at the Glass Box preview, and the Airtable tracker produces a defensible audit trail with no extra work. For a business receiving a few requests per week, that is roughly 2-4 hours saved and a meaningful reduction in the risk of a missed statutory deadline.