Ghost
ResourcesPricingSecurity
Get started
ResourcesPrivacy Request Manager overview

On this page

  • Navigation
  • Cases and workflow
  • Templates and reports
  • Public intake and configuration
  • Matter switching

Privacy Request Manager overview

Tutorial: use the dashboard (DSARs/SARs), create a case, work through tasks, run reports, and configure intake and retention.

Last updated April 2026

Navigation

This tutorial explains the Privacy Request Manager (known as DSAR Manager under GDPR) from the ground up. A privacy request is when someone asks your organisation for a copy of their personal data or exercises related rights under applicable privacy law.

  1. Pick the correct organisation and, if your org uses them, the correct matter in the header before you open the Privacy Request Manager. Cases you create will belong to that matter.
  2. Open the header tools menu and choose Privacy Request Manager.
  3. You land on the Dashboard. This is a board or list of cases with filters so you can focus on deadlines and status. The number of active cases you can have depends on your subscription (see the pricing page for details).
  4. On desktop, use the left sidebar. You should see Dashboard, New Case, Templates, and Reports & Analytics. At the bottom there is Configuration for settings such as intake and labels. If the sidebar is collapsed, expand it so the labels appear.

Cases and workflow

Each case is one request. Think of it as a folder that holds everything for that person's privacy request from start to finish.

Create your first case

  1. Click New Case in the sidebar.
  2. Fill in the basics your form asks for: who requested the data, what type of request it is, and how it arrived (email, form, and so on).
  3. Set a deadline if the form does not set one automatically.
  4. Save. You should return to the dashboard or open the new case detail view.

Inside a case you will typically find the status (for example open or closed), the deadline, tasks with checklists, comments (you can @mention colleagues if notifications are configured), and space to link or describe a response pack (the documents you will send back).

The case screen also shows a timeline of important events. If your role includes audit export, you can prove who changed what and when.

Closing, archiving, or deleting a case may require a higher role. If you do not see those actions, ask an owner or admin.

Templates and reports

Templates save time when many requests look alike. A template might add default tasks, boilerplate text, or a standard checklist.

  1. Open Templates in the sidebar to see what your admins have published.
  2. When you create a case, choose a template if the new-case screen offers one.

Reports & Analytics uses a tabbed layout so you can switch between different views without leaving the page:

  • Summary gives you a high-level operational snapshot: volume, response times, and status breakdowns.
  • Analytics digs deeper into trends and timing across your caseload.
  • Audit produces exportable records of who did what and when, for internal governance or regulator requests.
  • Compliance generates regulator-ready packs that prove your process meets privacy law response obligations.

If a report tab is empty, you may simply have no closed cases yet, or your role may not include export. Check with an admin if you expected data. For a full walkthrough of every tab, see Privacy request analytics and reports.

Public intake and configuration

Some organisations add a public web form so individuals can submit a privacy request without emailing a shared inbox. Submissions create or update cases according to rules your admin configures under Configuration in the sidebar footer.

Configuration (accessible to admins) contains several sections:

  • Public Intake Form lets you enable or disable the form and copy the shareable URL that individuals use to submit requests.
  • Identity Verification controls whether new intakes automatically trigger a verification email or whether your team sends one manually from the case view.
  • Branding lets you upload a logo for the public intake form so individuals recognise it as official.
  • Custom Intake Fields adds extra fields to the intake form (for example, account number or customer ID) alongside the standard ones.
  • Data Retention sets auto-archive and auto-purge timelines for completed cases. Archived cases are hidden from the active dashboard but still accessible. Purged cases and all associated data are permanently deleted.

If you never see intake or configuration options, your role may not include admin permissions or your plan may not include the feature. Your administrator can confirm. For a full walkthrough of every configuration section, see Privacy request intake and configuration.

Matter switching

Whenever your organisation uses multiple matters, get into the habit of checking the active matter before you create a case or read reports. Cases stay with the matter where they were created. Switching matters only changes which cases appear on your dashboard; it does not merge or move existing cases.

If you have not read it yet, start with Introduction to Ghost for the big picture.

PreviousAdvanced redaction techniquesNextPrivacy request analytics and reports
© 2026 Ghost. All rights reserved.
ResourcesPrivacyTermsSecurity