Streamline GDPR and CCPA / CPRA Erasure Requests with mParticle DSR Forwarding
Announcing the Beta release for Data Subject Request Forwarding. With this feature, compliance and customer service teams can automate away manual tasks required to service DSR erasure requests.
Regulations like Europe’s GDPR, California’s CCPA / CPRA and Brazil’s LGPD give consumers rights over their personal data. These include, among others, the rights to access (view what personal data has been collected), portability (request that their data be transmitted to another legal entity), correction, and erasure (ask for it to be deleted altogether).
Under these regulations, companies must handle data subject requests within enforceable deadlines. For example, when a user initiates a deletion request, a company has only a month to comply under the GDPR and 45 days under the CCPA / CPRA.
Challenges of scaling manual compliance workflows
For most companies, responding to data subject requests requires time-consuming workflows involving ticketing systems or spreadsheets for project management. According to Gartner, most organizations are still manually servicing DSRs at an average cost of $1,524 per request.
For example, a typical erasure workstream entails:
1. Determining what data you’ve collected about the data subject
2. Understanding where that data is stored
3. Submitting erasure requests to a 3rd-party data processor
4. Repeating Step 3 for every tool in your tech stack where customer data is stored
5. Communicating back to the customer after validating the request has been completed
mParticle offers the capability to submit and monitor the status of DSR requests in our dashboard via a simple user interface as well as programmatically using our Data Subject Request API. These existing features enable compliance teams to cut down the bulk of work required to service DSRs, for data that is stored in mParticle.
To service DSRs across the tech stack, however, compliance teams have had to repeat this process for every other tool that houses data. Not only is this cumbersome and time-consuming, but it also presents a compliance risk. Manual processes introduce human error, such as forgetting to confirm that requests have been forwarded for processing in all downstream systems.
Organizations that have app development resources at their disposal can attempt to build a custom in-house solution to automate the end-to-end flow of processing DSR requests. However, building and maintaining integrations to each 3rd-party tool requires a high level of effort. This is especially challenging given the lack of standardization in how data subject requests are handled, aside from the OpenDSR standard pioneered by mParticle, AppsFlyer, Braze, and Amplitude prior to the enforcement of GDPR in May 2018.
Automating data subject erasure requests across your systems
Solving data privacy and governance challenges has been a core tenet of the mParticle platform since inception. Because mParticle acts as a central point of data collection and syndication within a brand’s stack, we can help solve the data-integration challenge of federating data subject requests between platforms.
To that end, we’re launching Data Subject Request Forwarding, now available in Beta. Features include:
- Initiate access, portability, and erasure requests from our simple-to-use dashboard or programmatically via API.
- Automatically forward erasure requests to a library of pre-built integrations. Our initial release includes support for Amplitude, Braze, Kochava, and Blueshift.
- Monitor the status of each DSR, and its erasure forwarding status, on a per-tool basis.
- Simultaneously delete data in data warehouses connected as mParticle outputs: Amazon Redshift, Google BigQuery, and Snowflake.
To learn more, as well as to sign up for the Beta, please visit our new DSR Forwarding page.
- Reclaim lost time
Compliance and customer service teams responsible for servicing data subject erasure requests can automate away the majority of tasks in their workflow.
- Reduce compliance risks
By eliminating the manual, error-prone task of administering erasure requests for each 3rd-party data processor, compliance teams gain peace of mind from full visibility into the erasure forwarding status as requests roll through to downstream tools. Marketing teams no longer have to conduct manual audits prior to executing a campaign, and can have higher confidence in the proper governance of data.
- Free up engineering resources
Engineering teams no longer have to be concerned with building and maintaining custom integration code to federate DSR requests across the tech stack.
How it works
- The data subject submits an erasure request to the data controller (your organization).
- As the data controller, your organization initiates a data subject request via the mParticle dashboard or programmatically via the mParticle Data Subject Request API v3.
- On receipt of the request, mParticle sets the status of the request to “Pending” (for deleting data stored in mParticle) and sends a status callback request, which includes the expected completion time, to all URLs listed in the original request.
- mParticle simultaneously forwards the erasure request to all configured and active Data Subject Request outputs.
- Compliance teams can check the forwarding status of erasure requests using the mParticle dashboard or via the Data Subject Request API v3.
Follow the Forwarding Data Subject Requests for Erasure docs to create and activate your DSR outputs to start forwarding erasure requests.
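An added illustration of the status check in the last step above (not mParticle code, and not the Data Subject Request API): it treats a request as closed only when mParticle and every forwarded output report completion, and flags open requests against the response windows quoted earlier. The record layout, field names and status strings are hypothetical, the sample data is constructed, and "a month" is approximated as 30 days.

```python
from datetime import datetime, timedelta, timezone

# Response windows from the article; "a month" is approximated as 30 days (assumption).
DEADLINE_DAYS = {"gdpr": 30, "ccpa": 45}

# Constructed sample records; field names and status strings are hypothetical.
SAMPLE_REQUESTS = [
    {"id": "req-001", "regulation": "gdpr", "received": "2024-03-01T00:00:00+00:00",
     "mparticle": "completed",
     "forwarding": {"Amplitude": "completed", "Braze": "completed"}},
    {"id": "req-002", "regulation": "gdpr", "received": "2024-03-01T00:00:00+00:00",
     "mparticle": "completed",
     "forwarding": {"Amplitude": "completed", "Braze": "pending", "Kochava": None}},
    {"id": "req-003", "regulation": "ccpa", "received": "2024-01-10T00:00:00+00:00",
     "mparticle": "pending", "forwarding": {"Blueshift": "completed"}},
]


def audit(requests, now, warn_days=7):
    """Return one finding per request: outstanding systems and deadline state."""
    findings = []
    for req in requests:
        systems = {"mParticle": req.get("mparticle"), **req.get("forwarding", {})}
        # Fail closed: anything not explicitly "completed" (pending, failed,
        # missing, unknown) still counts as outstanding.
        outstanding = sorted(n for n, s in systems.items() if s != "completed")
        due = datetime.fromisoformat(req["received"]) + timedelta(
            days=DEADLINE_DAYS[req["regulation"]])
        days_left = (due - now).days
        if not outstanding:
            state = "done"
        elif days_left < 0:
            state = "overdue"
        elif days_left <= warn_days:
            state = "at_risk"
        else:
            state = "on_track"
        findings.append({"id": req["id"], "state": state,
                         "days_left": days_left, "outstanding": outstanding})
    return findings


if __name__ == "__main__":
    now = datetime(2024, 3, 26, tzinfo=timezone.utc)
    for finding in audit(SAMPLE_REQUESTS, now):
        print(finding)
```

A missing or unrecognized per-tool status is counted as outstanding, so a request is not reported back to the data subject as erased while any downstream system is unconfirmed.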