Best practice or process when honoring an EU lead's request to be removed from the database

Forum|Forum|7 years ago
July 18, 2018
3 replies
2792 views

When an EU lead asks to be erased from the database, is there a best practice to abide by other than simply deleting the person from each system that stores data on the individual (Marketo, CRM)?

Marketo

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Josh_Hill13

Level 10

you should discuss this with your legal team. Some issues that come up are:

Remove it from all systems.
record that you did the deletion
confirming with the requestor
is the requestor authorized to request this?
can you backup the person offline just in case?

J

Jamie_HunterAuthor

Level 2

Thanks Josh. I'll reach out to my legal team to confirm some of those items/issues.

Grégoire_Miche2

Level 10

Well,

That's roughly what "erase data" means, doesn't it?

You could anonymize it, but you need to know that it's impossible to fully anonymize a lead in Marketo.

Vote here:

-Greg

Amy_Goldfine

Level 9

With the caveat that we have a pretty robust InfoSec team and policy, this is our process:

1. Person emails privacy@, or whoever in the company received the initial request forwards to privacy@

2. Privacy@ triggers a Jira ticket, which is managed by an InfoSec team member

3. Team member verifies the legitimacy of the person/request

4. Person emails alias forgetme@, which has representatives from all business system stakeholders: Marketo, SFDC, Heap Analytics, and our own app

5. Members of forgetme@ each delete the person from their system, and reply-all back to forgetme@

6. Privacy@ confirms deletion with requestor

Amy GoldfineMarketo Champion & Adobe Community Advisor

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded