Privacy laws and regulations usually mandate that a Request be completed within a certain time. GDPR mandates that a Request be completed within a month. CCPA mandates that all Requests except of type Opt-out or Unsubscribe be completed within 45 days and requests of type Opt-out or Unsubscribe be completed in 15 days. ‘TrustArc recommended settings’ supports 150+ countries/states/provinces. Admins can configure this “Due In Days” in IRM Portal beyond TrustArc’s recommended settings. You can configure the default due in days under Admin > Settings page.
Admins can create new Due In Days rules based on the country of residence of Data Subjects , Request Types, and Data Subject Types. Request Types and Data Subject Types are optional in the condition. States are supported for the United States, Provinces are supported for Canada, and state-level options are also supported for the United Arab Emirates (Dubai and Abu Dhabi).
One geographical area or country or state and Request Type combination can be used in only one rule. However, it is possible to have three rules, one for a geographical area, one for a country within that area and one for a state within that country. For example, there can be three Due In Days rules for North America, The United States and California. In this case, most specific rules will be used. Also, it is possible to have two rules for California but with different Request Types.
IRM provides “TrustArc recommended settings” for Due In Days. CCPA for California, SB 220 for Nevada, and GDPR for member states of the European Union and 3 EEA countries. If any contradicting rules exist, “Use TrustArc recommended settings” will provide a warning message and overwrite the rules for the above three regions. Any rules created for other areas would not be deleted.
While setting due date location is mandatory, Request Type and DS Type are Optional. Due to this, there can be many due in date settings that could be applicable for a request.
IRM uses the following logic to determine the due date setting applicable for a request:
(specific state, request type, DS type) match > (specific state, request type) match > (state, DS type) match > (specific state) match > (Country, request type, DS type) match > (Country, request type) match > (Country, DS type) match > (country match) > (Region, request type, DS type) match > (Region, request type) match > (Region, DS type) match > (Region match).
NOTE: Admins can export TA Recommended and Custom Due In data in CSV format. Click the Export icon in either table to export the currently displayed data. The exported file reflects the applied search filters and sorting configuration.