Data Subject Request Flow
Handle GDPR / CCPA access and deletion requests with Meridian's automated identity verification pipeline.
Overview
When a user submits a data subject request, Meridian verifies their identity, locates all associated records across your infrastructure, and executes the requested action — export or deletion — within the regulatory window.
Step 1 — Intake
The request arrives via your privacy portal, email, or API. Meridian assigns a unique case ID and timestamps the submission to anchor the compliance clock.
Step 2 — Identity Verification
Before releasing data, Meridian challenges the requestor with multi-factor proof: email confirmation, account credential re-auth, or document upload for offline verification. No data moves until identity is confirmed.
Step 3 — Data Discovery
Meridian scans connected data stores — databases, object storage, logs, and third-party integrations — and compiles a manifest of every record tied to the verified identity.
Step 4 — Execution
For access requests, Meridian assembles a portable JSON export and delivers it securely. For deletion requests, it cascades removal across all stores and returns a signed certificate of destruction.
Audit Trail
Every step is logged immutably. The audit record includes timestamps, verification method, data sources touched, and the final disposition — ready for regulator review.
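The step ordering and audit trail described above, sketched as an added example; this is not Meridian's code. The `Case` class, its method names, the `window_days` parameter, and the use of a SHA-256 hash chain to make the log tamper-evident are all assumptions made for illustration.

```python
import hashlib, json
from datetime import datetime, timedelta, timezone

ORDER = ["intake", "verified", "discovered", "executed"]  # Steps 1-4 above

def _digest(entry):
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class Case:  # hypothetical model of one request, not a Meridian API
    def __init__(self, case_id, kind, received, window_days):
        self.case_id, self.kind = case_id, kind
        self.due = received + timedelta(days=window_days)  # compliance clock
        self.state, self.audit = None, []
        self._advance("intake", received, {"kind": kind})

    def _advance(self, step, when, detail):
        # Steps must run in order, so discovery and execution are refused
        # until identity verification has been recorded.
        nxt = 0 if self.state is None else ORDER.index(self.state) + 1
        if nxt >= len(ORDER) or ORDER[nxt] != step:
            raise PermissionError(f"{step!r} not allowed from {self.state!r}")
        entry = {"case": self.case_id, "step": step, "ts": when.isoformat(),
                 "detail": detail,
                 "prev": self.audit[-1]["hash"] if self.audit else "0" * 64}
        entry["hash"] = _digest(entry)  # each entry commits to the one before
        self.audit.append(entry)
        self.state = step

    def verify(self, when, method):
        self._advance("verified", when, {"method": method})

    def discover(self, when, sources):
        self._advance("discovered", when, {"sources": sorted(sources)})

    def execute(self, when):
        result = "deleted" if self.kind == "deletion" else "exported"
        self._advance("executed", when,
                      {"disposition": result, "on_time": when <= self.due})
        return result

def verify_chain(audit):
    """True only if no entry was altered, reordered or cut from the middle."""
    prev = "0" * 64
    for entry in audit:
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return False
        prev = entry["hash"]
    return True
```

A hash chain detects edits to recorded entries but not truncation of the newest ones, so the latest hash has to be anchored somewhere the logging system cannot rewrite.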