How to Comply with the Right to be Forgotten
Forget a customer? Why would you want to do that?
The answer is: “because the customer requested it.”
Welcome to the European Union’s General Data Protection Regulation (GDPR), which was passed in April 2016 and goes into effect in May 2018. If you have any European customers, it applies to your operation.
Here’s a one-line summary of the regulation: “The aim of the GDPR is to protect all EU citizens from privacy and data breaches…” The regulation is more than 260 pages long and is keeping a lot of lawyers and system security consultants very busy. It’s mainly about strengthening your system security measures, documenting them and obtaining explicit support from your organization.
This is all about securing your customer’s Personal Data. Personal Data (sometimes called Personally Identifiable Information or PII) in the GDPR world is anything that can be used to identify a specific individual. The GDPR’s perspective is that the data isn’t yours. It belongs to the customer, so you need to take care that it isn’t misused.
To help us get a grasp on how that impacts your Advantage operation, let’s look at how you can satisfy one of the requirements of the regulation (I’ll be writing about other requirements later) and that is: how to forget a customer if the customer requests it. Here is a summary of that “right”:
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
Think about how you would do that. This involves more than just turning their ‘OK to Promote’ indicator off (although we’ve heard that solution).
We recommend a procedure like this:
- Assuming the customer doesn’t have any active services or unpaid invoices, send the customer a letter (from a note using the letter feature) explaining what this means and requesting that they sign and return the letter to you. This provides documented authorization, and the opportunity to save them.
- Upon receipt of their written request, verify that the customer is still inactive across your system and then go through these steps:
  - Delete/garble customer name and address data, social security number, birth date, gender and any data like that in user fields or questionnaire responses.
  - Inactivate the customer record, turn off permissions and block the customer.
  - Delete email addresses.
  - Delete email and address history records.
  - Delete authentication records.
  - Inactivate Electronic Payment records.
  - Change the customer’s vendor record if they have one.
  - Log a note.
The result of these actions effectively erases the customer’s personal data from the system.
Yes, this is a manual procedure. A new action could be created that would do the same thing. However, it’s expected that this is going to be an infrequent request.
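To show what such an action would have to do, here is the procedure above written as code. This is an added illustration, not Advantage’s own code: the record layout, the field names and the sample customer are all constructed for the example. The routine refuses to run unless the preconditions named above are met (no active services, no unpaid invoices, signed request on file), works on a copy so a refused request never half-erases a record, keeps the internal customer key so downstream systems can pick up the change, and ends with a check that none of the original personal-data values survive anywhere in the record.

```python
"""Illustrative right-to-erasure routine (constructed example, not Advantage code)."""
import copy
import json
import secrets
from datetime import date

# Constructed sample customer. Field names are assumptions for this example.
SAMPLE_CUSTOMER = {
    "customer_id": 10042,  # internal key, not personal data; kept so other systems can sync
    "name": "Jane Example",
    "address": "1 Example Street, Dublin",
    "ssn": "000-00-0000",
    "birth_date": "1970-01-01",
    "gender": "female",
    "user_fields": {"favourite_title": "Weekly Digest", "spouse_name": "Sam Example"},
    "questionnaire_responses": {"q1": "Age 40-49"},
    "emails": ["jane@example.org"],
    "email_history": ["old.jane@example.org"],
    "address_history": ["2 Former Road, Cork"],
    "auth_records": [{"login": "jane", "password_hash": "abc"}],
    "electronic_payments": [{"token": "tok_123", "active": True}],
    "vendor_record": {"vendor_name": "Jane Example", "active": True},
    "permissions": ["web_login", "ok_to_promote"],
    "blocked": False,
    "status": "active",
    "active_services": [],
    "unpaid_invoices": [],
    "signed_request_received": True,
    "notes": [],
}

PII_FIELDS = ("name", "address", "ssn", "birth_date", "gender")


class ErasureBlocked(Exception):
    """Raised when the preconditions for erasure are not met."""


def erasure_blockers(customer):
    """Return the reasons a record may not be erased yet (empty list means go ahead)."""
    reasons = []
    if customer["active_services"]:
        reasons.append("customer still has active services")
    if customer["unpaid_invoices"]:
        reasons.append("customer has unpaid invoices")
    if not customer["signed_request_received"]:
        reasons.append("signed erasure request not on file")
    return reasons


def garble():
    """Random replacement: the field stays populated (so schemas that require it do not
    break) but no longer identifies anyone and cannot be reversed."""
    return "ERASED-" + secrets.token_hex(4)


def erase_customer(customer, today=None):
    """Apply the erasure steps to a copy of the record and return it; the caller persists it.
    `today` is an ISO date string (defaults to the current date)."""
    reasons = erasure_blockers(customer)
    if reasons:
        raise ErasureBlocked("; ".join(reasons))
    c = copy.deepcopy(customer)
    today = today or date.today().isoformat()

    # Delete/garble identifying data, including free-text user fields and questionnaire answers.
    for field in PII_FIELDS:
        c[field] = garble()
    c["user_fields"] = {k: garble() for k in c["user_fields"]}
    c["questionnaire_responses"] = {}

    # Inactivate the record, turn off permissions, block the customer.
    c["status"] = "inactive"
    c["permissions"] = []
    c["blocked"] = True

    # Delete email addresses, email/address history and authentication records.
    c["emails"], c["email_history"], c["address_history"], c["auth_records"] = [], [], [], []

    # Inactivate (rather than delete) electronic payment records, keeping billing history intact.
    for payment in c["electronic_payments"]:
        payment["active"] = False

    # Change the vendor record if the customer has one.
    if c.get("vendor_record"):
        c["vendor_record"]["vendor_name"] = garble()
        c["vendor_record"]["active"] = False

    # Log a note that records the action without re-introducing personal data.
    c["notes"].append({"date": today, "text": "Personal data erased at data subject's request"})
    return c


def residual_pii(original, erased):
    """Return every original personal-data value still present anywhere in the erased record.
    Serialising the whole record catches values that survived in nested fields."""
    haystack = json.dumps(erased)
    values = [original[f] for f in PII_FIELDS] + list(original["user_fields"].values())
    values += original["emails"] + original["email_history"] + original["address_history"]
    values += [a["login"] for a in original["auth_records"]]
    return [v for v in values if v in haystack]
```

The `residual_pii` check is the part worth keeping even if the rest is done by hand: run it against the original record before it is discarded, and treat any surviving value as a failed erasure rather than a cosmetic issue.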
Other systems that are updated with customer changes (such as marketing or reporting databases) will automatically receive the updated information, rendering the customer’s data unusable there. The fact that Advantage takes the approach of not duplicating this data around the system makes this possible. Privacy by design is one of GDPR’s principles.