GDPR and the right to be forgotten

  • 2
  • Question
  • Updated 3 months ago
  • In Progress
Has anyone received any requests to comply with the right to be forgotten?

We are currently working through best methods of executing this and I'm wondering if anyone has come up with best practices or a guide to ensure personal data can be expunged.  Our strategy includes overwriting all contact information in SFDC upon request so the only remaining identifier is the ID.  It would be great to have a method for executing this in MDA as well without needing to know every place a name or email address has been stored.

I'm also curious how best to address this with limited access email opt-out records.
Photo of Dale Parent

Dale Parent

  • 716 Points 500 badge 2x thumb

Posted 4 months ago

  • 2
Photo of Dan Ahrens

Dan Ahrens, Official Rep

  • 24,802 Points 20k badge 2x thumb
Hi Dale, does your organization comply with 'right to be forgotten' requests by parties that are not covered by GDPR? I'm curious if your policies are allowing this faculty to be employed on both EU and non-EU citizens.
Photo of Dale Parent

Dale Parent

  • 716 Points 500 badge 2x thumb
Hi Dan, great question and yes if a customer asks to be "forgotten" we will honor that request.  There are forms to be filled out by the customer which include all necessary GDPR language, but EU citizenship is not a requirement.