Question

GDPR and the right to be forgotten

dale_parent
Has anyone received any requests to comply with the right to be forgotten?



We are currently working through best methods of executing this and I'm wondering if anyone has come up with best practices or a guide to ensure personal data can be expunged.  Our strategy includes overwriting all contact information in SFDC upon request so the only remaining identifier is the ID.  It would be great to have a method for executing this in MDA as well without needing to know every place a name or email address has been stored.



I'm also curious how best to address this with limited access email opt-out records.

3 replies

dan_ahrens
Rank
Userlevel 7
Badge +2
Hi Dale, does your organization comply with 'right to be forgotten' requests by parties that are not covered by GDPR? I'm curious if your policies are allowing this faculty to be employed on both EU and non-EU citizens.
VP of Customer Success at Forcepoint
dale_parent
Hi Dan, great question and yes if a customer asks to be "forgotten" we will honor that request.  There are forms to be filled out by the customer which include all necessary GDPR language, but EU citizenship is not a requirement.
jparker
Rank
Userlevel 3
Badge +3

Hi @dale_parent 

I’m working through this myself currently. Did you manage to get yourself to a compliant state or were there any particular challenges you encountered?

I’ve used the GDPR reports/dashboard in Sightline Vault and enhanced that with reports for all of the other MANY objects that have a name/email address field

My current concern is personally identifiable data contained in text fields which can’t be filtered in reports nor rules — i.e. the Email Body field for timeline activity

How did you overcome this?

Reply


Terms & ConditionsCookie settings