Appian Data Privacy


Provides an all-in-one solution for managing Data Privacy/GDPR requests, replacing cumbersome email-based handling with a robust, traceable, and transparent task-driven approach.

Many companies rely on email to handle Data Privacy/GDPR requests. They instruct citizens to email their data privacy requests to a specific company email address and then continue to use email for routing the internal tasks for handling the data privacy request and spreadsheets to track the requests. There is little to no ability to audit their compliance if requested by a regulator. This is slow, inefficient, and not easy to monitor for compliance.

Key Features & Functionality

The Appian Data Privacy app leverages Portals to accept data privacy requests via a website. Users are required to confirm ownership of their email to prevent email spoofing. The Portal lets them know what to expect and also sends them a follow-up email so they know their request was received. All the language in the Portal can be adjusted via the Admin interface without needing to make design object changes or republish the Portal.

The system allows Administrators to enter their various systems that will need to be reviewed as part of a data privacy request and specify which users are responsible for handling requests within those systems. When new requests come in, tasks are assigned to each system owner to review their system and complete their part of the data privacy request. The status of each request is recorded and available to Data Privacy administrators on a dashboard, with key analytics on number of requests and time to respond. All requests and the handling of those requests are recorded for later audit and compliance review.

In addition, special requests and requests for privacy advice from the Data Privacy administrator can be handled by the app. If a system administrator has a data privacy issue, they can flag it for review by the Data Privacy administrator.

In addition, members of the public can make non-standard privacy requests that can be routed directly to the Data Privacy administrator.

Finally, an in-app tool allows the Data Privacy administrator to configure the messages to members of the public and to the system administrators. In this way, the text of privacy communications and the portal itself can be edited to account for changes in law, regulation or company policy.

  • Hi,

    This plugin still does not have details around how to get past this stage in the process model ; the running process hangs at the highlighted node.

    The highlighted node calls the below query rule that (as can be seen from the below screenshot) returns no results.

    There is no documentation or clarity on what needs to be done now to get this to work.  Please advise as we are keen on using this in our application asap.

  • Hi

    I have downloaded and imported this plugin for evaluation and have a few questions.

    The documentation "ReadMe" does not say anything about what data needs to be in the GDPR_System record type table.  The SQL scripts that come with this product currently do not have any insert scripts into this table.

    As a result the process hangs at this node.

    Are some SQL scripts missing ?  Could you please help document this better ?

  • v2.0.0 Release Notes
    • Adds task list to the site for specialists
    • Makes small corrections to default text bundles