With this feature, you can purge or anonymize the personally identifiable information (PII) of individuals to have GDPR, CCPA, or other regulatory compliance. To erase the data of even a single individual in CDP, the system reads all PII data across all data stores, and rewrites a significant volume of data. This is a resource intensive process that should not be used for data rectification purposes, as rectifying data does not require updating all PII data across all data stores and can be performed in an efficient manner. Acquia recommends against misusing this feature for purposes other than the regulatory compliance.
Acquia is committed to act on GDPR and CCPA data erasure requests in a reasonable time of receiving the request. You must provide a sufficient lead time to process data erasure requests. Since purging PII data is a resource intensive process, data erasure requests process in batches. Completion timelines vary across requests.
By default, Acquia acts on data erasure requests from a data subject in 30 days of receiving a request. This happens unless the client requests for additional urgency. CDP needs at least 14 days to validate, schedule, and process data erasure requests.
CDP considers the data erasure requests from data subjects as urgent. A lapse in lawfulness of processing cannot be considered as a reason for urgency because these situations should be properly planned and communicated in advance. To allow sufficient time to purge the data, submit data erasure requests at least 60 days before a lapse in lawfulness of processing.
The following data is purged:
The following data is anonymized:
The following CDP data stores are managed:
The following CDP data stores are unmanaged, so they enforce less than 30 days retention policies:
To enable GDPR data erasure, contact Acquia support. CDP users with the
CDP production access role: Vega-full prod access are the only users who
can request access to this feature. After getting access, CDP users can grant
access to other users.
CDP offers a simple and self-service process for filing data erasure requests, and provides visibility to the status of data erasure requests.
A data erasure request can include a maximum of 200 identities. If you try to include more than 200 identiies in a request, the system displays an error. For more information, see Unable to create a batch with more than 200 records in data erasure.
These identities can belong to one or more customer profiles. Therefore, CDP allows you to create data erasure requests to delete identities that belong to one or more customers.
As a CDP user, you can make unlimited data erasure requests to manage compliance.
You can make a GDPR data erasure request in the following ways:
You can create data erasure requests to delete one or more identities of your customers.
To delete customer identities:
In the navigation pane, click 360 Profiles.
Search for a specific customer profile by using filters.
Based on your search criteria, CDP displays the results at the bottom of the page.
Select a specific customer from the search results.
Click the Identities tab.
CDP displays a card for each source system containing the customer, including details of the customer’s profile.
To delete a single identity, click Delete corresponding to the identity.
To delete multiple identities of a single customer, click Delete Multiple.
In Date of Customer Request, select the date when your customer requested for deletion of data. Note that CDP allows you to select a date no later than a month old.
In Reason, do one of the following:
In Review Identities, select the customer identities that you want to delete. Alternatively, you must clear all the identities that you do not want to delete.
Note
If a customer profile has a single identity, you cannot clear the selection of that identity. In other words, you cannot create a data erasure request without any identity.
Click Submit Request to initiate the data erasure process. After you submit the request, CDP displays a message with a request ID, the number of identities that are registered for deletion, and the number of profiles that are skipped. Identities are skipped if they are already submitted earlier.
Access the status page to view the request in the Pending status. After all the records are deleted, the status is updated to Completed. The system removes all customer records from all data stores.
To delete identities for multiple customers:
In the navigation pane, click Data Erasure.
Click Create Delete Request to start a data erasure request.
Search for one or more customer profiles by using filters. Note that CDP
uses the AND operator for more than one filter. If you do not find the
profiles you are looking for, adjust the filters.
Select the checkbox next to each profile in your results, and click Add to Request.
As you select additional profiles, the number of total selected profiles is displayed at the top of the New Delete Request page. In addition, the selected profiles are disabled.
To add more profiles, repeat the preceding steps. You cannot submit more than 200 identities at a time. For more information, see Unable to create a batch with more than 200 records in data erasure.
After you add all the profiles that you want to delete, click Review and Submit Request to review and complete the required fields.
CDP displays the Profile Delete Review page. You can view the total number of profiles and the identities in each profile. You can update the request to include or exclude specific profiles or identities. To update your request, do one of the following:
In Date of Customer Request, select the date when your customer requested for deletion of data. Note that CDP allows you to select a date no later than a month old.
In Reason for Request, do one of the following:
Click Submit to initiate the data erasure process. After you submit the request, CDP displays a message with a request ID, the number of identities that are registered for deletion, and the number of profiles that are skipped. Identities are skipped if they are already submitted earlier.
Access the status page to view the request in the Pending status. After all the records are deleted, the status is updated to Completed. The system removes all customer records from all data stores.
Note
After the retention period:
CDP allows you to leverage multiple filtering options to locate your data erasure requests.
To filter your results:
In the navigation pane, click Data Erasure.
In Request ID, specify the ID for your data erasure request.
In Customer ID, specify your customer ID.
In Created On, specify the date when the data erasure request is created.
In Expiration Date, specify the date by which the system fulfills the request. By default, the expiration date is 30 days from the Created On date.
In Status, select one of the following:
Click Apply.
CDP displays the data erasure request according to the specified filter
criteria. Note that CDP uses the AND operator for more than one filter.
If you do not find your request, adjust the filters.
You can cancel a data erasure request when its status is Pending.
To cancel a request:
In the navigation pane, click Data Erasure.
Locate the data erasure request that you want to cancel. Note that the status of the request must be Pending. You can also use filters to locate all the requests with Pending status. For more information, see Filtering data erasure requests.
Click the Kebab menu icon next to the data erasure request.
Click Cancel Request.
CDP displays a confirmation message.
Click Continue and Remove.
CDP cancels the request.
To view data erasure requests created through the Data Erasure or 360 Profiles tab:
Sign in to the CDP user interface.
In the navigation pane, click Data Erasure.
Filter your results. For more information, see Filtering data erasure requests.
Based on your filter criteria, the system displays the relevant data erasure requests with the following information:
CDP cannot process bulk data erasure requests or bulk purges of user data.
53 State Street, 10th Floor
Boston, MA 02109
United States
Phone: 888-922-7842