How To: Test a "Download Your Data" Request

Step-by-step guide for QA'ing your connected integrations with Ethyca

Once your integrations have been added to the Ethyca Control Panel and Atlas has been deployed, you can use this guide for a walkthrough of the end to end testing and validation process.


  1. You must have a user account with both UAT and production access to the Ethyca Control Panel
  2. Access to your Ethyca privacy center at https://<yourcompany>
  3. A handful of test users created with an accessible email address in each database and 3rd party SaaS integration system
  4. You must have NOT run an Erasure Request yet for the test users' email addresses.

End to end testing for Access Requests

Step 1: Go to your Ethyca Privacy Center at https://<yourcompany> and click "Download Your Data"


Step 2: Complete the 2FA challenge using an accessible email address

You will want to make sure you have access to the email address in which you submitted the request, so that you can complete the MFA process and receive the DSR package.


Once your identity has been verified as the test user, the details of the data subject request are sent to your Ethyca Control Panel on the backend. You will automatically receive an email confirming that your company has received their request, that your team is processing it, and you will be updated with a follow up email as soon as the request has been completed.

Step 3: Use your UAT account credentials and log into your Ethyca Control Panel at

Step 4: Click "Subject Request" on the left navigation bar. Your pending "SAR" request should be visible in the "For Review" column.


Step 5: Click "Approve" to approve the request and verify what data is returned to your inbox in the subject request package. You will want to verify you are seeing data across all known systems.

Step 6: Once Ethyca has processed the request, you will automatically receive a confirmation email. As soon as the request has been completed, you will receive a link to view and download all of the personal data that your company has processed about the test user. If no records are found, you will instead receive an automated email confirming there is no data associated with the account details provided.


Step 7: You will be able view a copy of each category of personally identifiable information that your organization has processed about the test user in the SAR package.


DSR Customization Pro tip: To verify the quality of the data being delivered to a user in the SAR package (depicted above), we recommend changing the custom label to be the source system for testing purposes. Once testing is complete, you can then remove the system name from the label, so it does not display to your customers/subjects.


Selecting the "User Can Download" checkbox will indicate a field of data will be returned to a user.

We also recommend editing your DSR Customization settings to make sure you are reviewing what personal data is being returned in the download package. This may include working with the business owner for each of these tools to help provide context around what data points they would want to return to a user.


Throughout the process, we are available to help with QA and validation. Please contact [email protected] or your dedicated Customer Success Manager if you require any technical assistance.