Data Subject Erasure Requests, made easy
Announcing the General Availability of Data Subject Request Erasure Forwarding, a simple and comprehensive way to automate the forwarding of data deletion requests throughout your stack.
Tesla Motor Company is credited with pioneering the global electric vehicle industry. On June 22, 2012, Tesla introduced the Model S, their flagship car. The car was a huge success, not only hailed as the best electric car, but the best car. At its peak, it was the first electric car to top monthly new car sales for any country (Norway in 2013 and Denmark in 2015).
But Tesla didn’t just stop there - they had greater ambitions to revolutionize the entire automobile industry. And they did with the Model 3, an electric vehicle that middle-class Americans could afford. But in order to service the broader market, Tesla had to solve the challenge of ramping up production. There was only one way to get there: automation. The solution? Robots - designed to eliminate dangerous, boring, repetitive tasks.
Automating privacy requests is a requirement to scale
Brands face a similar challenge. To rapidly scale in a digital-first world, they face a huge roadblock: privacy. One major privacy requirement is that every organization must respond to Data Subject Requests (DSRs) within a defined SLA window. And as a brand grows its user base, so does the number of DSRs it receives. But DSRs are expensive and ticky to process. For organizations still manually servicing DSRs, it costs on average $1,524 per request. Manual servicing of DSRs also means there is risk for human error, which translates into compliance risk.
With mParticle Data Subject Request Erasure Forwarding, brands service erasure requests more easily. DSR requests can be initiated from the mParticle Dashboard or programmatically using our Data Subject Request API. Erasure requests will be automatically forwarded to supported third-party outputs, and the forwarding status of requests can be monitored in our dashboard.
Support for additional DSR outputs including data warehouses
We now support 10 DSR output destinations, including recently added ones: Mixpanel, AppsFlyer, Branch, Snowflake, Google BigQuery, and Amazon Redshift.
New usability improvements
Privacy admins will now see a brand new dashboard on the data subject request page. This will provide them a quick view into the status of DSR requests, as well as the success rate of DSR erasure forwarding requests.
Additionally, to make troubleshooting easier, privacy admins can now verify which identities were forwarded to downstream partners by viewing the “Identities Forwarded” column within the DSR Forwarding Status.
CPRA looming on the horizon
While most of the brands in the EU have shored up their privacy response in order to prepare for the General Data Protection Regulation (GDPR), it’s clear that the vast majority of brands are not prepared for the California Privacy Rights Act (CPRA). As we approach the upcoming deadline of July 1st, 2023 (with a look-back to January 2022), the enforcement date set for the CPRA, a staggering 89% of brands say they are woefully underprepared and do not have an automated way to handle Data Subject Requests.
CPRA also amends the requirement to provide customers with opt-out consent with new language for “Do not Sell or Share My Personal Information”. This share requirement is interesting, because it potentially provides customers rights to limit the sharing of third-party data with social and advertising platforms, as well as second-party data with other entities.
Get ahead of the curve
Brands must prepare for changes in data privacy legislation now, or risk running out of time to adequately complete a scalable option. If one does not exist, brands should strongly consider forming a cross-functional data privacy team with representation from compliance, product, marketing, and data engineering departments.
Additionally, brands should exhibit a sense of urgency to take a deep look into their tech stack, especially as it pertains to how personal data is governed, and formulate a plan of action to remediate any risks or gaps in technical functionality required to address compliance needs at scale.
To learn more about mParticle Data Subject Request features, please refer to the Forwarding Data Subject Requests for Erasure docs for detailed instructions on how to create and activate your DSR outputs to start forwarding erasure requests.