Capture what was actually asked
Record the right being exercised, received time, identity status, scope and response target—without assuming every privacy email is the same request.
Managed request operations
Trace is an early-access concierge service for product teams whose user data is spread across cloud tools. It scopes the request, organises available evidence and prepares a response pack for authorised human review.
The operating problem
A single person may appear in authentication, product, billing, support and storage systems under different identifiers. The legal deadline does not create an operational owner.
Record the right being exercised, received time, identity status, scope and response target—without assuming every privacy email is the same request.
Link identifiers to the relevant systems, document access methods and make missing or uncertain sources visible.
Put the export, response draft, exception notes and event timeline in front of an authorised reviewer.
One review boundary
The exact output depends on the right, verified scope and available records. Trace does not describe a pack as complete when a source or decision is still outstanding.
Request classification, identity state, scope, dates, customer instructions and open questions.
Records located by source, retrieval method, identifier and any known coverage gap.
Draft response or action plan, exception flags, delivery package and timestamped case events.
Legal clock, operational plan
Under GDPR Article 12, the controller must provide information on action taken without undue delay and, in general, within one month. A further two months may be available where necessary because of complexity or number of requests, but the individual must be informed within the first month. The European Data Protection Board explains the timing; the legal text is in Article 12 GDPR.
Trace’s proposed 24-hour target is deliberately narrower: assemble the available case materials for review. It is not a replacement deadline, legal guarantee or promise that a request can always be closed the next day.
Product truth: Trace is pre-launch. Connector coverage, reviewer capacity, security terms and the 24-hour service target must be confirmed in an accepted pilot scope before live personal data is handled.
A right-of-access request has specific requirements under Article 15 GDPR. Erasure, rectification, restriction, objection and portability are distinct rights with their own conditions. The workflow should preserve that distinction and escalate uncertainty rather than force every case through the same template.
Scope before automation
Clear boundaries matter more than broad feature claims when personal data and legal rights are involved.
A controlled first request
Start with one scoped request. Trace is preparing a limited number of concierge pilots for modern product teams.