The GDPR & what it looks like in practice: user deletion request

Just when you thought you’d heard the last of GDPR, we’re back!

Quite right, too. The point of the legislation is that it facilitates consumer choice and supports customer rights. If May 28th was the last we heard of it, that would be more problematic, wouldn’t it?. Here at Content Insights we’re already taking action and we thought you’d like to know what that looks like.

We’ve just received a request from a user asking us to unsubscribe him from our email – and also remove his personal data.

After a short spell weeping in the corner, wondering what we’ve done wrong, we pull ourselves together, especially when someone points out they’d filed a similar GDPR request to another company the week before.

Support forwards the email to the DPO, who gets the ball rolling.

We all have a cup of coffee and argue over who gets to eat the last chocolate biscuit.

DPO informs our Founder (who also deals with data) and Backend Developer.

We find another packet of cookies in the cupboard and have a brief one-minute disco to celebrate.

DPO creates the task so the Backend Developer can begin deleting the data.

Founder and Support suggest that DPO contacts the user to let him know that the deletion is complete and ask him if anything else is needed.

Within the space of a day we’ve received the request, commenced the deletion, approved the job, informed the administrators that the user’s data has been deleted, let the client know and even managed to fit in a brisk 30 minute walk in at lunchtime.

Easy.