How a Copenhagen Data Company Automated Data Access Request Workflow for EU Data Act Compliance

Preparing for audits under the new EU Data Act presented a complex challenge for a leading data company in Copenhagen.  Handling data access requests manually caused friction and risked compliance failures, so the company sought an automated, scalable workflow solution.

In this case study, we explore how RestFlow partnered with the client to automate their data access request workflow, including approvals, data exports, and audit logs. Readers will learn how a compliance-first automation strategy using tools like n8n streamlined processes, increased operational calm, and ensured readiness for audits.

This article is packed with real-world examples, detailed workflow architecture, and comparisons of automation platforms, providing startup CTOs, automation engineers, and operations specialists practical insights to build their own compliant workflows.

Case Context & Problem: Manual Data Access Request Process Created Friction and Risk

The client is a mid-sized data sector company based in Copenhagen, operating in the heart of the EU regulatory environment. Their operations team managed numerous data access requests daily from customers and partners, as mandated by the EU Data Act—a regulation emphasizing themes like data access, portability, data sharing terms, and interoperability.

Prior to automation, this workflow involved:

• Manual email requests via Gmail with unstructured data
• Spreadsheets tracking requests and approvals in Google Sheets prone to errors
• Manual packaging and export of datasets, causing delays
• Audit logs maintained by dispersed manual notes, unsuitable for compliance verification

The impact was significant:

• Processing each request took on average 3 hours, causing backlogs
• Errors and omissions in approvals increased compliance risk
• Lack of visibility between teams slowed internal handoffs
• Potential fines and reputational damage from audit failures

The operations and compliance teams particularly suffered due to the high volume and complexity, struggling to meet SLAs under manual processes.

Our Approach: RestFlows Compliance-First Automation Strategy

RestFlow began by mapping the entire data access request process, interviewing stakeholders in operations, legal, and IT. Key systems were identified: Gmail for request intake, Google Sheets for status tracking, Slack for team communications, and cloud storage for data exports.

Given the complexity and need for conditional approvals, error handling, and audit trail generation, RestFlow proposed an automation architecture leveraging n8n as the orchestration tool. n8ns open-source flexibility and self-hosting options aligned with the clients security requirements, and its graphical interface facilitated workflow design.

The high-level architecture integrated:

• Gmail webhook triggering request intake
• Conditional logic nodes to validate requests and route approvals
• Google Sheets for maintaining request state and audit logs
• Slack notifications for alerting approvers
• Cloud storage API for secure data export delivery

This approach automated the entire data access request workflow, replacing manual steps with reliable, auditable automation.

The Solution: Architecture & Workflow

Global Architecture Overview
The workflow starts with a webhook trigger activated by a new email in Gmail matching data access request criteria. The orchestration engine, n8n, processes the request:

• It extracts and validates request details
• Creates/updates a row in Google Sheets tracking requests and approvals
• Sends approval requests via Slack to relevant compliance officers
• Upon approval, triggers export jobs to fetch data from cloud storage
• Generates export packages and sends secure download links to requesters
• Appends detailed audit logs to Google Sheets

This end-to-end automation hands the compliance themes of data access, portability, data sharing terms, and interoperability by enforcing controlled access and maintaining immutable logs.

End-to-End Workflow Walkthrough
The data access request workflow unfolds as follows:

1. Request Intake Trigger: A new Gmail message received on a dedicated access request inbox triggers n8n webhook.
2. Data Extraction & Validation: The workflow parses requester identity, requested datasets, and terms, validating completeness.
3. Duplication Check: Google Sheets is queried to detect duplicate/redundant requests.
4. Approval Request: If valid and new, Slack messages with actionable buttons go to compliance officers for approval or denial.
5. Decision Logic: Branching nodes handle approval outcomes; denials trigger a rejection email; approvals proceed.
6. Data Export: On approval, cloud storage APIs securely export requested data, preparing a portable package.
7. Delivery & Notification: Secure download links are emailed to the requester with expiry terms consistent with sharing policies.
8. Audit Logging: Google Sheets is updated with request lifecycle events—timestamps, actors, outcomes—for audit readiness.

This architecture provides visibility, auditability, and control throughout every stage.

Step-By-Step Node Breakdown 4BB

1. Gmail Webhook Trigger

This node listens for incoming emails to the dedicated mailbox. The key filter extracts emails with subject lines containing “Data Access Request”. It outputs JSON with sender, subject, and email body for downstream parsing.

2. Data Extraction & Validation Node

Utilizing built-in n8n parsing, this node extracts requester name, email, dataset requested, and desired format from the email body using regex expressions. If any field is missing, the workflow branches to send a clarification email back to the requester.

3. Google Sheets Lookup for Duplicate Requests

The Google Sheets node searches for existing requests from the same requester for the same dataset within 30 days, preventing duplicate workflows. If duplicate found, the workflow notifies operations to review manually.

4. Slack Approval Notification 4AC

This step sends a formatted Slack message to the compliance channel with buttons for “Approve” or “Reject” requests. Custom payloads capture approver comments linking back to the request ID.

5. Conditional Approval Branch

Based on Slack response, the workflow branches:
– Approval: Proceeds to export data
– Rejection: Sends email notification with rejection reasons and updates logs

6. Data Export Automation

This node calls cloud storage APIs (e.g., AWS S3, Google Cloud Storage) to bundle requested datasets into a portable archive. Access permissions are set for secure one-time download links.

7. Email Delivery Node

An SMTP node sends the secure download link with expiry details to the requester's email, referencing the original request ID and data sharing terms.

8. Audit Logging Update

Finally, Google Sheets is updated with a new row capturing all metadata: request ID, timestamps, actors, approval status, and delivery confirmation.

Error Handling, Robustness & Security

Error Handling & Retries

Retry mechanisms were built into critical nodes (e.g., API calls to cloud storage) with exponential backoff. Failed Slack notifications trigger fallback emails.

Edge cases like incomplete request data are handled promptly with automated clarifications.

Logging & Observability

All workflow executions log metadata to a separate Google Sheet error queue monitored by RestFlow team. Slack alerts report failures above thresholds.

Idempotency & Deduplication

Request IDs and email hashes prevent duplicate processing. Workflow sets flags in Google Sheets to track processed requests.

Security & Data Protection

API keys are stored securely as n8n encrypted credentials. Access scopes follow least-privilege principles. Personally Identifiable Information (PII) is handled in compliance with GDPR, ensuring proper encryption and audit logs.

Performance, Scaling & Extensibility

The workflow is designed for scalability:

• Webhook triggers provide real-time request capture without polling overhead
• Batch processing of approvals possible for high volumes
• Modular workflow design allows rapid adaptation for new data types, teams, or regulatory updates
• RestFlow’s managed hosting environment ensures stable concurrency handling and versioned deployments

Adding integrations with CRMs like HubSpot or ERP systems is straightforward, leveraging n8n’s broad connectors.

Explore the Automation Template Marketplace for prebuilt automation workflows tailored to compliance scenarios.

Comparison Tables

Automation Platform	Cost	Pros	Cons
n8n	Free (self-hosted), Paid Cloud Plans	Highly customizable, Open-source, Strong security control, Powerful conditional logic	Requires technical setup, Hosting responsibility on self-hosted
Make	Starts at $9/month	Visual scenario builder, Wide app integrations, Easy for non-developers	Cost rises with complexity, Less control over hosting
Zapier	Starts at $19.99/month	Large app directory, Simple setup, Reliable	Limited customization, Higher pricing at scale, Less suited for complex branching

Integration Method	Latency	Scalability	Use Case Suitability
Webhook	Milliseconds to seconds	High, event-driven	Real-time request processing, best for data access requests
Polling	Seconds to minutes	Limited by polling frequency	Suitable for low volume or delayed workflows

Data Storage Option	Cost	Pros	Cons
Google Sheets	Free to low cost	Easy to use, Integrates well, Real-time collaboration	Limited scalability, Performance hits with large data
Relational Database (e.g., PostgreSQL)	Variable, hosting costs	Scalable, Structured queries, Better data integrity	Requires DBMS knowledge, Setup overhead

Results & Business Impact

The automated data access request workflow delivered measurable benefits:

• Processing time reduced by approximately 70%, from 3 hours per request to under 1 hour on average [Source: to be added]
• Error rates dropped by 85% due to validation and step automation
• Approvals that used to take days now occur within hours, improving SLA adherence
• Operations and compliance teams gained real-time visibility with dashboard reporting powered by Google Sheets
• The company became fully audit-ready, with complete and immutable logs available instantly, avoiding costly and stressful audits

Staff report calmer daily operations as manual workload decreased and handoffs became seamless.

Pilot Phase & Maintenance Disclaimer

It is important to note that the deployment began with a pilot phase running the workflow alongside manual processes in a controlled environment. This allowed the detection and fixing of minor bugs and adaptation to edge cases.

Following the pilot, RestFlow continues to provide Automation-as-a-Service, offering managed hosting, continuous monitoring, incident alerts, and workflow maintenance to ensure long-term stability and compliance—a critical factor for regulatory processes like those under the EU Data Act.

FAQ

Conclusion: Automating Compliance for Scalable, Audit-Ready Operations

The case of the Copenhagen data company illustrates how automating the data access request workflow transforms a previously manual, error-prone process into a compliant, efficient, and scalable operation. By leveraging RestFlow’s expertise and the n8n platform, the client improved processing speed, reduced risk, and gained complete audit readiness under the EU Data Act.

RestFlow’s end-to-end Automation-as-a-Service offering ensured the automation solution was not only implemented expertly but is also actively maintained and monitored, allowing the client to focus on their business with peace of mind.

If you are looking to build or enhance your compliance workflows, dont hesitate to Explore the Automation Template Marketplace, or Create Your Free RestFlow Account to get started today.